FB-00000796 

October 2010 email indicating that Graph API now allows users to set detailed privacy 
settings. 

FB-00000489 

January 2011 email from Bret Taylor requesting a meeting on behalf of Mr. Zuckerberg 
to obtain information around photo tagging by developers so Mr. Zuckerberg can make 
a decision on changing the policy. [“Do you two have a few minutes to chat with Mark 
[Zuckerberg] and me today?...Mark had some questions about STRIPE, if photo tags 
are included...I suggested he talk to you two directly about it so we can figure out a 
plan together.”] 

FB-00000481 

January 2011 email from Sam Lessin to FB employees confirming Mr. Zuckerberg is 
driving decisions regarding third party developer permissions related to photos. [“The 
basic deal is we don’t want this to happen, but we don’t want to explicitly disallow 
it...Right now, our analysis shows that the number of people...is far below the 100k a 
day that Mark [Zuckerberg] recommended is the line at which we would consider 
disallowing it.”] 

FB-00000422 

February 2011 email from Allison Hendrix regarding pressure from FB superiors to 
change photo tagging policy, noting that the decision would negatively impact well- 
intentioned developers when she states that if this new policy is implemented, the 
message to developers will be: “beware: you can read the policies up and down and 
Facebook still might kill your app.” 

FB-00000303-304 

April 2011 email from Mike Vernal to FB employees requesting that Facebook Platform 
Policy team change its policy regarding photo tagging permissions based on a 
decision by Mr. Zuckerberg [“Zuck separately reached out about the new photo tag 
model” and we have “3-4 weeks to improve or we have to turn off photo tagging for all 
but a whitelist (that’s my deal with Zuck).”] 

FB-00561938 - April 2011 chat with O’Neil and Carl (Sjogreen?). Carl says: “the other 
flow I don’t feel we have fully nailed here yet is that we are launching this new policy 
requiring publishing stuff back to the graph which Mark kind of wants to be the default 
which is pretty directly in contradiction to this. In other words, users can say they don’t 
want to publish something but that we should setup the flows so that they are 
encouraged to do so.” Zuckerberg driving the decision to get all content back on FB 
which is what most users found to be a privacy violation, not apps reading friend data, 
[eg Users care when anyone can see on Facebook that they just watched pulp fiction, 
not when an app authorizes a friend to see photos the friend can already see directly 
on facebook]. 



FB-00577650 - July 2011 email from Zuckerberg pasted into Vernal Sjogreen O’Neil 
thread where Zuckerberg provides detailed outline of what needs to be complete to 
launch the new Timeline. 

FB-00438360 - Aug 2011 O’Neil et al - discuss Elder whitelist platform and 
implications with photo/video access. Investigate what Elder is to understand if 
unequal access to photos/videos was being provided as early as 2011. 

FB-00438468 - Aug 2011 O’Neil et al - discuss Elder whitelist platform. David Pio: “I 
also recall months ago in a zuck Q&A that our checkin APIs would not be changing 
when asked about elder related location changes. I have been telling my partners 
who are concerned that the graph api is stable and won’t be changing.” Evidence 
of Facebook representing to other companies that graph api won’t be changing based 
on zuck answers in a q&a. 

FB-00481617 - Aug 2011 email with O’Neil and others regarding Bing access to 
friends photos and videos. Harshdeep Sing discusses being “whitelisted for Elder”. 
What is Elder? 

FB-00574447 - Oct 2011 email in which Cross and O’Neil discuss privacy issues. 
Cross: “If I use The Guardian’s app, in the GDP I can set my reads to be visible to only 
me. However, the app can’t see this setting and makes my reads visible to my other 
friends who use the app within the app’s Ul. They’re getting complaints about this - 
users expect the privacy setting they set in the GDP to be respected in the app. Do we 
plan to make an action’s privacy settings visible via the API? How should partners deal 
with this case?” They never fixed this privacy issue. 

FB-00439054-67 - Oct 2011 Vernal, Wyndowe, O’Neil, Tung - discuss blacklisting 
Twitter from friends list using same template as YT, then implement blacklist of 
Twitter. They figure out that Twitter links represent about 1 % of the outbound traffic 
for Facebook but up to 33% of the outbound traffic for Twitter, meaning that FB has 
huge leverage over Twitter. Wyndowe notes Zuck’s involvement in saying: “Zuck plans 
to call Jack before subscribe launches to give him a heads up.” Then they have an 
internal discussion along the following lines: Wyndowe to Kelly: “Hey bud, favor to ask. 
Can you check to make sure we restrict the Twitter API to block out friend lists?” Kelly: 
“I’ve never heard of us blacklisting certain APIs, so I’m not even sure where to start. 
Plus, I’m slammed with f8 right now.” Tung: “Youtube is not allowed to see users that 
don’t already use the app, so a friend list would be returned, but it would be only 
friends that are already Youtube users. This was never enabled for Twitter.” Vernal: 
“We would just reuse the YT [Youtube] one. It wouldn’t make sense to build a separate 
one. Can enable within minutes. Prefer to tackle post f8 if possible.” Wyndowe: “How 
long would this take to enable for twitter? Instead of the YT version, can we just not 
return any friend info? In any case, we should probably wait a couple of days so that I 
can send a summary to Zuck, Bret and Javi, etc.” Vernal: “did we indeed add a 
‘special check’ to block Twitter getting access to get friends? It doesn’t seem to be 
working anymore.” Biswas: “we don’t have such a moratorium, nor have we ever (at 



least in platform integrity land) - there could be some one-off sitevar though. I’d be 
happy to add one...” Yesugey: “Niket Biswas, would [it] be possible to permanently 
put a read_friendlists moratorium on app 2231777543?” 

FB-00481611 - Oct 2011 email O’Neil, Vernal and others in which they discuss 
launching the Open Graph timeline. Vernal writes that “General rule of thumb here 
has been we’ll launch OG partners when we hit 80% of users having Timeline. 
Exact date TBD by Mark, as Eddie points out.” 

FB-00561849 - Oct 2011 email regarding a “Private API: Add profile photo upload/edit 
to graph API”. 

FB-00537160 - Oct 2011 email from Desai to Vernal O’Neil others sharing user 
feedback on privacy regarding sharing Netflix movies they watched automatically on 
Facebook. Notes that “These results were gathered when privacy controls on GDP 
were entirely undiscoverable.” FB doing a bad job on privacy and blaming developers. 

FB-00533818 - Nov 2011 chat string between Paul Mcdonald, O’Neil and Zuckerberg 
regarding cross-promotion via open graph. Zuckerberg writes: “Does this diff include 
things like linking the titles “Friends” to the Friends tab, “Places” to the maps tab, and 
“Groups” to some logical place?.... Some of the report and recent OG activity box titles 
are links to their respective app tabs and others aren’t. I don’t see why we wouldn’t 
make these all links. I also think we should make the icons link as well. In general, 
the more cross-linking and exploration behavior we can encourage, the better.” 
Zuckerberg encouraging more distribution via open graph, increasing user base, 
supporting developer growth, etc., in late 2011. 

FB-00439462 - Chris Cox Dec 2011 Key Product Areas and Owners. Interesting 
because no explicit discussion of restricting data access - it seems at this time FB still 
thinks Open Graph is valuable to its business. Cox notes that Eddie and Austin Flaugen 
are responsible for Open Graph and the goal is to “launch custom open graph 
broadly”. What does custom mean? Also note that Dirk Stoop is listed as the PM for 
Photos. May want to contact Dirk Stoop. 

FB-00545723 - Jan 2012 email “Privacy Review”. “More clarity and control. We’ve 
updated the app install screen to make it more clear what an app does before you use 
it and give you granular control over who can see your app activity on Facebook.” 

FB-00558226 - jan 2012 ios6 integration presentation regarding syncing contacts and 
calendar with facebook on iPhones. “Contact syncing exposes our graph to 
competitors” (28). Ability to execute on ios6 integration may help “get faster approval 
on iOS app submissions” (44). 



FB-00477297 - Feb 2012 email from Vernal to O’Neil, Sjogreen, Federov, Mosseri. This 
is before PS12n and Vernal writes in the context of an iOS deployment of FB, “I think 
we should allow some friends_* permissions here. It seems strange to have a 
social platform and not allow some friends_permissions. Personally, I think we 
should make this include...” and then he lists a variety of friends_* permissions. 

FB-00474387— March 2012 O’Neil writes in a chat string “Do we need to break this? 
Or can we just document the Ads format but still support both formats? We’d like to 
avoid breaking things wherever possible in order to avoid thrashing developers.” 

Before Oct 2012 when O’Neil became aware of the “Protect the Graph” project. This is 
the kind of comment FB should be making! Remarkable to see O’Neil’s comments 
change after he is brought into “Protect the Graph”. 

FB-00474412 - March 2012 O’Neil writes in an email to a FB employee regarding a 
random issue: “We should be careful saying that we’re ‘deprecating’ checkins since 
some developers will interpret that as ‘deleting’ checkins. Instead, we should just de- 
emphasize checkins in the docs / permission set; the checkin APIs will be around for a 
long time. ©” Shows that developers could reasonably interpret “deprecation” as 
something other than “deletion” since this is what FB’s own employee, Karan Mangla, 
does. 

FB-00495737 - March 2012 Q&A with Mark that generally discusses photos and 
platform, noting that a lot of Facebook’s mobile apps like Messenger and Photos are 
designed to replace the functionality on your phone and make Facebook your phone 
instead of using specific apps for each task: “The net result is that all of this stuff is 
building towards social Facebook versions where you can use the individual app or the 
Facebook version. You’ll be able to replace whole parts of your phone with these 
Facebook apps and will be a whole package for people.” 

FB-00556111 - Apr 2012 chat where Lessin says “I think each photo does need 
pop...” Shows involvement in photos and privacy. 

FB-00559511 - April 2012 task for “App privacy settings don’t affect uploaded photos 
/ videos”. Doesn’t seem like it was ever fixed. 

FB-00494207 - April 2012 chat string for a task “URGENT: Diageo / Alcohol Gating on 
Apps” where shown that APIs don’t have age gating on them, constituting a significant 
privacy violation. Arthur Rudolph FB employee explains that it has been that way for 6 
years since they first implemented platform APIs. He quotes a prior conversation from 
years ago: “As a wise man once said, ‘for better or for worse, age restrictions only 
apply to who can load canvas, not api visibility.... Yes, I completely forgot this and just 
found the above (terrifically wise) quote while investigating why we weren’t doing this). 
This has been the implementation from day 1 of app restrictions, probably 5-6 years 
ago. I assume someone from legal knows about this, and I think they’ll be required to 
get us to actually change anything here.” Shows FB ignored privacy and any privacy 



issues was FB’s fault and had nothing to do with developers, so instead of fixing 
privacy, which is easy and they already had tasks for, they just shut it all down. 


FB-00521850 - May 2012 Vernal Federov Purdy O’Neil and others discussing Zynga 
pulling in friend data for data mining. Ryan says “All devs are going to do this if we 
don’t white list it”. Suspect this behavior from Zynga around leaking graph is the type 
of thing FB management discusses to restrict data access. 

FB-00483662 - June 2012 O’Neil and Vernal chat string before PS12n discussions. 
O’Neil: “I think apps in the ecosystem are better if we let them read data from us.” 

Discusses with Vernal meeting with Apple saying Apple is “willing to let us whitelist 
read+write” and we would “grant basic / friends / email / birthday, they would like to 
list those explicitly”. 

FB-00556813 - July 2012 email from Blake Barnes FB employee noting that “a few of 
my friends have been complaining about getting random notifications about one of 
their friends’ photo uploads.” 

FB-00559682 - Aug 2012 photo privacy issue 

FB-00563064 - Aug 2012 O’Neil gets Apple apps iMovie and iPhoto whitelisted for 
uploading photos and videos to FB graph. 

FB-00569937 - August 2012 O’Neil email to Federov and Jennifer Taylor. O’Neil: “The 
API improvements include: 1/ adding “field expansion” to the Graph API. This makes 
it easier for developers to read properties from objects and connections in the 
graph. For example, developers building mobile apps can read properties from a 
user, their friends, and their friends’ photo albums in a single request to the 
Graph API. This makes it much easier for developers to get exactly the data they 
need for their mobile apps.” Shows O’Neil inducing developers to use friend data 
before the PS12n efforts are decided upon or made known to him. Federov clarifies: 
“The privacy check is a NOP for these as tis is just a new way to access existing data. 
There is no new data exposed.” 


FB-00552036 - Email from FB employee August 2012 noting what seems to be the 
same privacy bug reported in FB-00552033 just more than two years earlier. Seems 
like they have the same bug and never fixed it for over two years with massive privacy 
violation. 

FB-00489319 - Oct 2012 email with Cox, Daniels, Vernal, Dirk Stoop and others 
regarding access to photos on iOS. Cox wants to add a warning for when people reject 
sharing photos with Facebook saying “Warning: answering no will remove your ability 
to share your photos with your Facebook friends”. Dirk Stoop disagrees and argues 
that it doesn’t instill trust and tries to trick users into giving FB more permissions. 



Shows Cox involvement in photo policy and FB employees pushing back from 
aggressive approach to make FB a dominant photo platform at potential expense of 
privacy. 

FB-00423235-36 

October 2012 chat string where Mr. Vernal notifies certain FB employees of the 
decision to restrict data access to competitors on Facebook Platform and the reasons 
for making the decision. [“As many of you know, we’ve been having a series of 
conversations w/ Mark [Zuckerberg] for months about the Platform Business Model.” 
The question they’ve been grappling with is “why do we let apps access all this data 
today?” Mr. Vernal then communicates that they have already decided to restrict data 
access, including removing friends permissions, and that they are going to prevent 
competitive applications from using their data “without a formal deal in place”. An FB 
employee then responds that this will require the Platform Policy & Ops team (the team 
responsible for managing a fair and neutral application economy) “to require a new 
level of subjective evaluation” as to whether the developer has provided value that is 
“sufficiently reciprocal”. 

FB-00473675 - Vernal Oct 30 2012 note to Open Graph product managers - Vernal’s 
comment about having a series of conversations with Zuckerberg for months about 
Platform Business Model, restricting data to competitive apps, etc. Also includes a line: 
“On Canvas we didn’t have to ask ourselves these hard questions, because getting 
someone to build an app on canvas accrued a bunch of value. On Mobile, we need to 
ask ourselves these hard questions. Why let someone like Pinterest or Path read 
all of our data, create a separate standalone app, and then never use our paid 
distribution to compensate us?” 

FB-00519531 - October 30, 2012 - better version of Vernal note around Platform 
Business Model, includes additional comments from Vernal showing that restricting 
data access is a way to get developers to pay FB for stuff. Alex Flimel challenges 
Vernal on the impact: “Quora can’t read my list of friends and suggest that I follow 500 
people, checked by default, when I sign up for the app.” Vernal: “Well, native + web 
plugins don’t make us any money either. I don’t think we’re getting rid of them, and I 
think we should continue to work on them, but I wouldn’t take this as a “shift all our 
resources to plugins” mandate. I think we should focus on building things that are 
valuable to developers (that they’ll pay for).... If they want to invite folks, they 
have to use our premium invitations feature.” 

FB-00573608 - Oct 30 2012 Vernal email with additional comments. Vernal: “We 

should give distribution to apps that generate value. One form of value is direct 
revenue (from canvas ads, or payments, or boosting). Another form of value is in 
engagement. So if Instagram photos drive engagement on FB, I think we should give 
that distribution. So we should focus on value, but value is more than just revenue.” 



FB-00536437 - November 2012 email from Jolley to Koumouzelis and O’Neil, subject 
“Platform v3 (do not forward)”. Jolley: “FYI - I mentioned Platform v3 today. The basic 
idea is that since we are making a number of fairly fundamental changes to platform as 
a business, we should bundle these together and release them as a ‘new version’ 
sometime next year. The idea is this would be our main focus for HI 2013 at least. 

Here are the rough notes I sent to Doug summarizing the plan as I see it. Very rough; 
and not at all in stone. (Mark hasn’t even fully settled on what he thinks our 
business model should be) but it should at least summarize the thinking.... We 
will start to talk about this in earnest when we get back from Thanksgiving and 
after Mark has a chance to make his final calls with Mike, Doug and m-team. Here 
are my initial rough thoughts on how Platform v3 would be defined all put together. 
Questions: Directionally right? Any major missing pieces? Any major open issues you 
think I skipped over? CHARTER: The overall charter for platform is to encourage 
developers to provide quality content to our social graph, usually in exchange for 
growth. Secondarily, we aim to provide incremental revenue to Facebook, 
operating as a profit center. 1. Plugin Users. They can use our basic social plugins, 
app install ads, and other products to generate growth. These integrations are easy to 
build, and contribute both revenue and content without having access to our data - 
which is a fine exchange and we don’t want to screw with it. Platform Users. These 
apps read from our social graph. Some of them also write back to our graph, but 
many of them read a lot more than they write and in doing so they are essentially 
using us to gain users without giving us much in return in terms of either revenue 
or data. This group also tends to be the most likely to abuse our users, build 
spammy apps, etc. This is the group we want to fix. CORE PRODUCTS: We will 
divide platform into two basic products.” Describes “simple social” product which is 
free and no friend data and “Advanced Platform - the most powerful social 
platform on the planet ($49/app/yr)” with access to graph API except some 
restricted APIs. And then “PREMIUM/PAID PRODUCTS (may roll out separate 
from 3.0 launch)” with App Install Ads, Paid Invites, Paid Notifications, 
Recommendations API. Then Jolly writes: “In addition to these two new products, we 
are also going to retire or restrict certain APIs that we have found over the years 
don’t contribute to value of users, Facebook, or often even developers. Therefore 
we are going to remove the following: Frined_* data. You can retrieve user data, 
but you cannot retrieve data from a user’s friends unless they also TOS your app. 
Non-TOS’d Friends from friend list (maybe). I think this would be very destructive 
to the ecosystem, but we could talk about it. Additionally, the following Graph API 
features will be restricted. You will need to submit for additional business approval to 
activate them, [meaning essentially you submit a review where you explain how you 
intend to use the feature and why. We generally will only allow them if we feel it is 
aligned with our business interests, as defined by us.]” 


FB-00429159 



December 2012 email in which FB employee Ling Bao lists the 10 most popular types 
of data accessed by developers on Facebook Platform, which includes 
“friends_photos”. 

FB-00473864 - Feb 2013 O’Neil writes in chat string regarding a random change: “To 
be clear, this isn’t actually a breaking change since there was no such API to be 
compatible with and the previous API still exists. ©” Similar to Graph API 2.0/1.0 in 
terms of it not being a breaking change if we take O’Neil’s definition. 

FB-00474028 - Feb 2013 Chat string regarding photos CRUD API where Chris Pan 
says regarding photos, “Re privacy, the very short summary is that we ideally want to 
match snap.” This is for apps where users can upload photos, so different use case 
here, but illustrates attention to Snap’s dominating the photo sharing and messaging 
space and FB getting concerned. 

FB-00473649 - Task from March 2013 regarding Foursquare wanting any friends’ 
content that has a place tagged on it. Chris Ackermann writes: “Philosophically, we 
may not want third-party apps being able to pull this since it could bootstrap their own 
competitive products, but wanted to get this group’s thoughts.” 

FB-00430057 - Mar 2013 Purdy, Osofsky, Archibong and others discussing pre¬ 
enforcement of canvas policy on Amazon Gift App that was approved 6mos prior. 
Purdy: “I want to give regular devs 90 days to react to these changes. Fine giving 
Amazon longer, but we’ll need to manage any outcry from other devs.” (59) Jeetendra 
Mirchandani (Jeetu@amazon.com) tells Jackie Chang at Facebook “This will break 3 of 
our live integrations” that were approved 6mos prior. (60) 

FB-00534487 - March 2013 Purdy email to Hagman, Koumouzelis O’Neil Federov and 
others with subject “Unified review as business value gate”. Purdy: “I have been 
thinking about the challenges around reciprocity and competitive enforcement 
(friends.get, etc.) and fact that it is all post facto. The way we are structured 
today, you build an app on FB and then launch and then we may just shut you 
down, harming users and the developer. I wonder if we should move as quickly as 
possible to a model in the product where all you get from platform is login (basic 
info) and sharing without approval. All other APIs are available in development, 
but have to be approved before the app launches to real users (basically all apps 
using friends.get have to have that capability approved). We are roughly on 
course to deliver this as part of unified review, save for the more granular 
approval for things like friends.get? What I love about this too is we could make 
our whitelists so much cleaner by making each capability an approval thing. 

Marie: I think makes your “deprecations” much easier. Thoughts?” 



FB-00494539 - April 2013 email from Purdy “Platform Products and Programs 
Highlights”. “Platform Strategy: We locked our top-level platform strategy with 
Mark on Monday (doc + talk attached). Key thing is that platform is not just an 
identity platform, but now includes paid app distribution experiences (neko, etc.) 

and will include foundational app services to help developers build x-platform apps.” 
Shows Neko weekly revenue at $7.1 M up 5.5% from prior week. 3,482 apps spent on 
Neko in second week of April up 8.6% from prior week. 

FB-00557156 - April 2013 email from Bao saying he logged into 36 top apps and “it 
was a terrible and eye-opening experience.... 25 had non-delightful experiences in at 
least one of their endpoints...i.e. anything that felt busted / unpleasing that a user 
might blame FB for.” 

FB-00241060 

Presentation from April 2013 answering FAQs regarding Facebook Platform around 
privacy: “We’re committed to giving everyone the power to control and personalize 
their Facebook experience. People on Facebook can choose where and with whom 
their information is shared from the privacy settings page, or - more granularly - 
through per-object-privacy and specific app permissions.” 

FB-00558202 - May 21,2013 document summarizing mobile re-engagement using 
Neko to monetize developer apps. (tied to email FB-00558191). 

FB-00458654 - May 2013 discussion of “NEKO” and how to use it for re-engagement. 
Notes that NEKO started 9 months prior and that 50% of revenue is still pay per click. 
Discuss using a certain type of ad, Type 32 ad, to drive mobile advertising in newsfeed 
to deep link into partner apps. 

FB-00521939 - May 2013 email between Vernal O’Neil Hagman Federov discussing 
how to handle removal of full friends list for providing social context, agree on creating 
a social context API. Vernal is already focusing on user trust messaging. Vernal: “1/We 

explored this extensively a year ago but decided that it would crush traffic to 
developers. Since then, I think we’ve moved away from our singular focus on 
distribution and would be more willing to make this trade-off. 2/A number of 
people have asked to have per-item control of historical imports from action importers 
and have expressed concern about enabling future-syncing given the opportunity for 
embarrassment. In the spirit of focusing on the user and focusing on trust, I feel 
like we should be listening more strongly to this feedback. 3/ As we remove friend 
data from the API, I realized we’ll need to add some kind of social context API that lets 
you contextualize some object (e.g. “The Godfather - 30 of your friends watched 
this”).” 

FB-00534978 - May 2013 email from Purdy to Federov Lee O’Neil Koumouzelis and 
others, subject “Platform 3.0 (revisited)”. Purdy: “In terms of the removal of non-app 



friends, friends.*, other FB app replacement APIs (read.stream) and the 
requirement for reciprocity, we want to ensure that we have a fairly positive 
message around these changes, rather than ‘FB is removing a bunch of stuff and 
requiring a new (data) tax’. I know there have been point-wise conversations 
around this, but I want to ensure that we are all lined up around this framing. 
Concretely, here is my current thinking: Reciprocity: We have already rolled out the 
policy and we are communicating our perspective about this with developers. In terms 
of the preferred implementation to achieve this, Action Importers, we shouldn’t 
require developers to implement this until we have proven that they add value (I 
personally think they will go a long way to get to 100% connected FB users). My 
expectation is that we won’t be in a position to require these until HI 2014. Non-app 
friends, friends.*: We are still currently on track to remove these APIs, but I think 
we need to ‘reset’ how we are talking/planning/working the removal. Based on 
talking with Mike and other folks, this really feels like we are being punitive 
towards developers in an unnecessary way. As such, it is really incumbent on us 
to ensure that we have ‘scenario-replacements” for the most common and non¬ 
competitive scenarios: great friend invites and personalization. Concretely, this 
means that we need to ensure that our request (GeorgeA/ishu) and messaging 
(Eddie/Greg) are just as effective at requests/invites before we announce the removal 
of these APIs.” 

FB-00494014 - June 2013 email for platform product launch from Kevin Prior 
describing June releases for Neko v4 and “TEST: Buy on Facebook Partners (Karma 
self-gift).” What was Neko v4? 

FB-00485786 - June 2013 email string in which Purdy, O’Neil and others discuss the 
Net Promoter Scores for Facebook Platform. Purdy suggests breaking the NPS down 
into cohorts: “1/ Managed Partner cohort that all partners + PDCs go into. - 9. 2/ Neko 
cohort. -2. 3/ Canvas Games that use payments cohort. 4/ I am a real developer cohort 
(apps that use social plugins are excluded). 5/ I am a social plugins developer (apps 
only use social plugins). 6/ iOS cohort (developers with apps configured for iOS). -13. 

7. Android cohort (developers with apps configured for Android. -14. Web cohort 
(developers with apps configured for Canvas/Connect).” Discuss Zuck review. We 
should check the developers in these lists and compare to the whitelisted to see which 
cohorts are most whitelisted. 

FB-00523402 - June 2013 Purdy email regarding preparation for Zuckerberg review on 
June 27 of engineering roadmap. Purdy: “Mike and I are roughly lined up on the top 
level agenda for our Zuck review on the 27 th .... What is our current user trust/sentiment 
score over this period [wrt Login]?.... We are the #1 identity provider. We have done a 
lot of work to harden the system and improve user trust. That said, it is not enough. We 
still have at least one more iteration before we think we have addressed the core trust 
issue.” Did Hendrix participate in June 27 meeting? 



FB-00235809-10 

June 2013 email exchange in which FB employees make a decision to restrict data 
access to Amazon in order to prevent Amazon’s Gift product from being able to 
compete with Facebook’s Gift product. An FB employee, Jackie Chang, notes that 
“Platform will be pushing a functional change to friend GET APIs around Oct., which 
will limit Amazon’s ability to read friend data (including birthdays) to only friends 
connected to that App. This should significantly stymie Amazon’s ability to grow the 
gifting app beyond users immediately connected.” A member of the Platform Policy 
team (the team responsible for managing a fair and neutral application economy), Ime 
Archibong, notes that Amazon’s Gift product was previously approved a number of 
months ago because at that time “it didn’t equate with ‘FB core functionality’” and that 
they now “need to consider broadening the scope of our ‘core functionality’ litmus test 
to include things like e-commerce integrations,” meaning to expand aggressively the 
definition of apps they consider to be competitive and remove data access to them. 
The email string is then forwarded to Mr. Zuckerberg’s communications assistant, 
Jonny Thaw. 

FB-00433791 - Aug 2013 Vernal admits that with Graph API 2.0 “the majority of the 
API surface” was removed. “For developers, the key problem is that we don’t invest in 
APIs wehre there isn’t a clear business model - we’re just not good at it. Games + 
Neko are stable because they’re clearly worth investing in. so is Login + Sharing 
(mostly). Everything else is half-broken, because it doesn’t make sense to invest ~10 
engineers in supporting Event APIs, or Group APIs, or Photo APIs, etc. This leads to 
broad developer mistrust, because they have no idea what APIs are safe to use, and 
which aren’t. So we’re proposing a pretty radical simplification of platform. 

Mission: Help developers build, grow and monetize mobile apps. 

Core: Login, Sharing, Ads, Payments functionality. Will commit to 3-year breaking 
change policy. 

Beta: Open Graph APIs, many social plugins, insights, etc. Will commit to 3-month 
breaking change policy (should this be 6?). 

Deprecated: Majority of the API surface.” 

FB-00477024 - August 2013 chat string between O’Neil and Koumouzelis. K: “I’m a 
little surprised the partnership team is already communicating these changes to 
partners - the dates haven’t been nailed down yet, nor the deprecation plan”. O: “I 

think getting off of friends.get is going to be like withdrawing from meth for some 
partners - esp. the big ones. And will be hard for Netflix to understand.” K: 

“agreed - but we don’t have to make this so painful. We can treat it as a public 
permission and limit use... imho it’s no worse than our current process for 



whitelisting access to special apis...actually a little better, since we at least make 
it known.” O: “Agree - downside is that it dilutes the user message since some 
apps can get your friends. That said, I like your proposal. ©” K: “yeah - I think we 
need to finesse the messaging, agreed. But that should happen after we have a 
complete proposal in place. I feel like we are over rotating again - ‘Stop All The 
Data Leaks!’ and using a hammer when we really can use a scalpel here.. will 
mention this to Doug as well.” K: “there are certain permissions we want them to flag 
and raise to product...this could be one of them..i’ve been working with ops to bucket 
permissions: i.e. tier 1 you can grant without too much process. Tier 2 required in 
depth review and strict guidelines for usage. Tier 3 requires approval from 
product. Not all permissions are equal and we should make sure ops has 
guidance on how to review them. I don’t have all the answers yet;) but I think this 
warrants a little more thought before we decide.” O: “Agree with the thinking about 
bucketing permissions and having some be product-approval-only. I’m just 
concerned that grey will just confuse people and give apps hope that they can be 
the special case. But I agree that it warrants some thought before we decide.” 

FB-00455361 - Aug 2013 Vernal, Lacker, Bao et al engineering thread, Vernal 
proposes initial bucket of core/beta/kill(whitelist), discuss changing internal name from 
Platform 3.0 to Ps12n. 

FB-00527170 - Aug 2013 email between Lacker, Vernal, Sukhar, Federov, Purdy, 
O’Neil, Koumouzelis preparing for Zuckerbeg meeting, Subject is “Slides for Platform 
Simplification”. Lacker: “I’m sure this is too much detail for zuck reviewing...” (71) 

FB-00433781 -82 

August 2013 chat string between Mr. Sukhar and Doug Purdy in which they discuss 
the pressure they are receiving from Mr. Olivan to consider all applications competitive 
and remove data access to all of them except the ones they choose to whitelist. Mr. 
Sukhar asks: “Is it possible for us to get to a state where core permissions are not 
bifurcated based on whether the app is competitive or not? That’s a real core and I 
think it would play well in the press (e.g. ‘Facebook stabilized API, even for competitive 
apps’).” Purdy responds: That is sharing only, if we are being honest about it...Javi 
[Olivan] hates that we even give profile pics to competitive apps...Mike [Vernal] and I 
were discussing a ‘restricted’ level that is just dialogs and plugins. That is a core that 
anyone can use. It leaks nothing....no user data given to competitors...Mike [Vernal] 
and Zuck [Mark Zuckerberg] should way [sic] in...but the truth is that we are going to 
be under pressure to pull more and more user data from competitors over time.” 

FB-00573558 - Aug 27, 2013 Purdy Email to Vernal Sukhar Federov Daniels O’Neil 
Rose Lacker Koumouzelis, subject: “PS12N Zuck review”. Purdy: “Constantine: Good 
work on your first Zuck review. © Mike: any backchannel feedback from Zuck we 
should know about? Everyone: Mike asked me to drive getting answers to Zuck’s 
main questions (which were from my standpoint): 1. Rm APIs: Does a world class 



xxx (photo / video / events) product need an API? If so, what is the priority for the 
team? If we (platform) already have this API, aren’t we imposing a burden on the 
team (albeit small)? 2. Timing: is there a way to front load this work to earlier in 
the year? We can move around F8 for this purpose.... I would like to get a strawman 
proposal for Mike to review with an eye toward a zuck review next week by 
Friday.” Did Hendrix attend? 

FB-00061653-54 

August 2013 email exchange among FB employees Chris Daniels, Ime Archibong, 
Simon Cross and Konstantinos Papamiltiadis in which Daniels notifies the others that 
Mr. Zuckerberg has requested a spreadsheet of the Private API Agreements listing all 
the companies that are receiving data access that will be shut off. Archibong notes that 
a list of all the companies with which Facebook entered into special agreements can 
be found at https://developers.facebook.com/docs/guides/mobile/dig/privateAPIsList. 
Daniels then instructs that for each company, the FB employees need to include 
information around whether their use of the API is “something that (a) we get value 
from, and/or (b) we would be hurt by turning it off” and if the answer is “no” to (a) and 
(b) “then we should turn off access” to data. 

FB-00061674 

August 2013 email from FB employee Chris Daniels to FB employee Doug Purdy in 
which Daniels notes that “there are three categories of ‘exceptions’ to being cut off: (1) 
platforms where we want a fb app but don’t want to build it, e.g. WP [Windows], 
Blackberry; (2) existing partners with relationship/PR issues with shutting down, ie 
Flipboard; and (3) partners who we may trade access to for value.” 

FB-00551862 - August 2013 email from Lacker to Purdy, Sukhar, Vernal, O’Neil, 
Federov regarding discussion about giving Bubbler founder and ex-Microsoft 
employee Dick Hardt access to a private API. Lacker writes: “Giving out private API 
access annoys everyone else when they see some app that competes with them 
doing something that they can’t do. I would rather we do that as little as possible, 
and in a way where being friends with someone in Platform does not help you So 
I like whoever is most likely to say “no” being the approver ;-)”. 

FB-00555295 - Aug 2013 email string with Koumouzelis O’Neil Himel Lacker Purdy 
Spehar Sukhar Bao Lee Gupta Federov “platform 3.0 2 nd rev”. Purdy sends an email 
emphasizing the user trust message and says “Below is a rough frame that Mike 
proposed in a separate thread.... Also, I know why we want to put Hendrix in here, but 
I think this is little different than the rest of the changes, so I think we should cut it from 
this plan.... People want more control over what they share back to Facebook. People 
want more control over what data they share to apps. People don’t like the app-as- 
proxy model.... We’re also removing the ability for a user to grant access to their 
friends’ data. This is an important change to increase the trustworthiness of the 
system.” Gupta: “Friends.get: I still don’t really understand the strong motivation 



for restricting this given the amount of complexity this brings with the other API 
we are building, and the fact that we can blacklist apps wherever we risk leaking 
the graph. Friends data: I like this for trust. I think we have contingency plan for 
developers that rely on this for ranking: whitelisting them, suggested friends API, 
invites flow?” Koumouzelis: “Doug & Mike are leaning towards locking this down 
completely. We can deprecate the /user_id/feed etc endpoints for all app...and 
limit this to a whitelist for strategic partners.” Koumouzelis answers in response to 
question of how do we figure out who to whitelist: “It will likely come down to 
partners that we have a non-standard contract with or strategic relationship 
with.” FB-00555306 - Aug 2013 “Platform 3.0” document describing the changes and 
rationale. User trust and privacy are already baked in as the key reasons for the 
changes. This document is attached to FB-00555295. 

FB-00061366 

August 2013 email exchange among Mr. Lessin and FB employees Archibong and 
Papamiltiadis in which Mr. Lessin directs them to restrict data access to all lifestyle 
applications on Facebook Platform because Facebook intends to compete with them. 
Lessin states: “my gut is pretty strongly that we should shut down access to friends on 
lifestyle apps...because we are ultimately competitive with all of them.” 

FB-00061367-68 

August 2013 email from FB employee Papamiltiadis in which he shares the results of 
an audit that identifies over 40,000 applications that will break as a result of 
Facebook’s decision to restrict data access. The email summary of the audit 
categorizes the applications by type and whether access to data will be shut off. For 
instance, the top category is gaming apps, which represent 25% of the entire audit list 
and they are in the “KEEP ACCESS” category. However, lifestyle (18%), messaging 
(6%), photosharing (7%), and media/music/books/fitness (7%) are all in the “REMOVE 
ACCESS” category. 

FB-00473314 - August 2013 Chris Daniels email to Vernal, Purdy, Sukhar, 

Koumouzelis, Federov and O’Neil saying to be ruthless shutting down the APIs they are 
closing for strategic reasons: “APIs: I agree with the bias to prune. My point isn’t to try 
to keep APIs, its to try to make decisions about how we shut them down. Those that 
we’re shutting down for strategic reasons, I think we can be ruthless. Those that 
we’re shutting down because they’re an unsupported/bad experience for 
developers, I think we can be fast and not fear any harm. It’s the last bucket of 
ones that we are shutting down due to resource constraints that I simply want to 
be sure we are prudent about who we’re impacting and how we approach. I am 
glad to hear that keeping some of them up for limited partners shouldn’t be a big 
cost - that was my presumption, and I think can save a lot of partner thrash.” 
Never mentions privacy and user trust as reasons for shutting down the APIs. Chris 
Daniels: “I thought Mark’s questions on our motivations for getting rid of APIs 
were good, and it would be a good exercise to bucket the APIs that we’re getting rid 



of in terms of their rationale as it can help us make decisions about how to deprecate 
them, for example... APIs we’re eliminating for strategic reasons: Newsfeed, 
friends.get. We should shut down ASAP.... APIs we’re eliminating due to developer 
perception (i.e. They’re not maintained, etc.)...we should investigate the scope of 
impact (i.e. who is using them for what) and shut down all together.... APIs we don’t 
want to support due to resources: Here, Mark’s feedback was good and I agree we 
need to be careful about eliminating these. Frankly, I think there are a bunch of 
contracts for them that are going to leave them up anyway for many partners and 
my team can do an analysis of who is using them for what and how we should 
handle. I’m thinking specifically about folks like iPhoto using our Photos APIs.” 
Vernal: “I don’t think the exercise should be “why are we getting rid of these APIs,” I 
think the exercise should be “why are we keeping them? There are certain APIs where I 
think we have a pretty clear strategic reason to keep them (Login, Sharing, etc.) and I 
can pretty easily articulate it. I think the APIs in question - photos, albums, videos, 
events, groups - need to have some strategic rationale in place...For photos, it might 
be that for competitive reasons, every photo sharing app has a set of APIs, so we need 
to keep ours as well. If so, we can pay that tax - but we should be clear why we’re 
paying that tax (perception management) and scope it. I think the question we should 
be asking ourselves is “What if we didn’t have this? What would the business cost 
be?” 

FB-00473462 - Aug 2013 email from Koumouzelis to Purdy, O’Neil, Hagman and 
Federov in which he says (63) “some permissions (read_stream, friends_*) are 
becoming deprecated (in actuality, privatized).” 

FB-00513522 - Aug 2013 chat string with Bao Vernal Purdy. Bao: “there’s a meme 
that fb will take away login if your app competes. Is there a minimal level of function 
/ data we can promise to always provide in p3 to be a utility here?” Purdy then 
responds they never took away login, just friends.get. He then says: “And I think we 
should potentially consider another bucket here: restricted. For wechat, etc.... 
Javi doesn’t like them with profile pics. So I think we may want to tackle now. We 
don’t even let them buy ads. Mike? I think you have to make the call here.” Vernal 
tells them reading photos and videos is not core and changes name to PS12n from 
P3.0. 

FB-00560652 - August 2013 Koumouzelis sends Platform 3.0 presentation and says 
“Timeline slide is intentionally absent given the latest re: Zuck review.” Did Hendrix 
attend this Zuck review? 

FB-00560701 - August 2013 Koumouzelis email to Sukhar O’Neil Lee Hagman with a 
few changes to Platform 3.0 Proposal: “Making the full friend list returned by 
friends.get a permission (with a strict usage policy), rather than deprecating the 
functionality completely.” Preparing a write up for Vernal to review. Sukhar says it looks 
good to him. 



FB-00513936 - Sept 2013 chat between O’Neil and Greg Marra where O’Neil tells him 
that after they deprecate read_stream permission it “will still be available to apps 
whose use is governed by contract - e.g. HTC, Microsoft, Blackberry, etc.” 

FB-00587355 - Sept 2013 “Platform Simplification” presentation prepared by O’Neil, 
Purdy, Sukhar stating that the goal is to “Protect the Graph” - “Deprecate all friendj* 
permissions, deprecate read_stream, approval app use of all permissions, [note: 
partners w/ contracts are protected].” Includes a launch timeline that has all PS12n 
deprecations complete by July 2014. 

FB-00433691 - Sept 2013 O’Neil “Core Platform” PS12N Status Update Presentation - 
references “Little-‘tin” and “Dark launch SLA” - what are these? Also, access detailed 
API spec at: http://home.fburl.com/~ekoneil/ps12n/ 

FB-00456661-64 - Sept 2013 email between TR, O’Neil and others discussing ability 
for games to access friends who have played games on Facebook even though they’ve 
never played that particular game. Namita Gupta writes: “For most other apps, we 
feel that we are giving up our IP of the friend graph away for free. For games we 
get a 30% rev share, so we are not giving this away for free.... We can also limit 
this API to an app that has a canvas game or is part of mobile publishing program to 
ensure that we are getting the right value exchange.” (64) TR responds “I agree this is a 
nice feature, especially for apps we get a cut from.” (61) 

FB-00478902 - Sept 2013 chat string with Purdy, Vernal, Sukhar, O’Neil, Koumouzelis, 
Federov. Purdy: “We can get time with Mark on Friday. Can we have an opinion on 
timeline...? Mark is out next week, so the 24 th is the next time. Would be great to 
talk this Friday if possible.” Koumouzelis: “If we feel the timeline is enough to talk 
to Mark about, we can do this but I feel it would be a 15-20 min conversation and 
we’d lack answers to the 2 other items he’s expecting us to come back with...” 
Purdy: “Ok. I would love it if we could update Mark in some way on Friday. I know 
everyone is working really hard on this, but we last went to Mark two weeks ago, 
so it would be good to demonstrate urgency given the opportunity. Perhaps we 
can push really hard toward an update and then if doesn’t come together we jump to 
the 24 th ?” Sukhar: “I think we can present both the timeline and the f8 proposal but 
unlikely to have a solid story we can back up regarding other teams. The most likely 
scenario is that the other teams leave their APIs in beta for the first iteration so I’m fine 
bringing that to Mark.” Purdy: “@Mike your read on just going back to Mark with that?” 
Sukhar: “I feel like we have enough API detail to take to Mark. He’s not going to worry 
about which SDK methods are in or out. The scenarios are pretty fleshed out. The 
ones that aren’t might actually require his input - e.g. whether we can commit to 
places search for 2 years. So, on that end, it’d be nice to ask him sooner rather 
than later.” Vernal: “I think our last review was: we want to introduce a stable core 



(login, sharing, payments) and commit to a 3 year breaking change window. We’re 
going to deprecate/federate all APIs that enable product-level integration (photos, 
videos, notes, etc.). We think this will take until January, and we’re still evaluating 
impact on f8. And I think Mark’s feedback was: stable core seems fine. Not sure 
about deprecate/federate, talk to other teams. Try to launch some of this stuff 
sooner.” Vernal: “(Mark is not the PM of this project, and so if there’s not a 
meaningful update or urgent questions we need feedback on, then I wouldn’t take 
the time.)” 

FB-00061222 

September 2013 email from FB employee Konstantinos Papamiltiadis stating that the 
reasons for restricting data access are to reduce API management overhead, move API 
decision-making and ownership to the product teams as opposed to the Platform 
Policy team, and to remove competitive threats. FB employees discuss enforcing 
against certain competitors before the April 30, 2014 announcement but that waiting 
until then would “theoretically kill two birds with one stone”. Nonetheless, 

Papamiltiadis writes: “I wanted to ask for your help and support to uncover any 
potential competitive threat and if significant enforce sooner.” 

FB-00061234-36 

September 2013 email exchange between FB employees Papamiltiadis and Ime 
Archibong in which they discuss the growth of competitive apps and what they spent 
with Facebook in 2013 in preparation for a meeting with Sam Lessin to determine, 
“based on Sam’s input...if we need to move a bit faster on certain apps” to restrict 
their data access. Papamiltiadis then confirms that he is going to continue with an 
audit of the top 500 competitors to Facebook and “communicate this plan with [Mike] 
Vernal and Sam [Lessin] to confirm whether the timing of the enforcement for those 
apps should coincide with the roll out of Platform Simplification [Graph API 2.0] or if we 
should act independently.” Another FB employee, Chris Daniels states the prevailing 
view that “it depends on the level of competitive threat that we uncover (i.e. if more, we 
should enforce sooner).” 

FB-00061250-53 

September 2013 email exchange between FB employees Papamiltiadis and Archibong 
in which Papamiltiadis prepares a plan for restricting data access to competitors based 
on a meeting in which Sam Lessin instructed him to do so. Archibong notes that based 
on Mr. Lessin’s comments, they need to be “a bit more aggressive with our data 
restrictions, to protect our strategic goals”. Papamiltiadis then summarizes the key 
points from the meeting in which he states that they need to finish identifying 
competitive apps, see how much they spend, communicate that data access is being 
shut off, and make exceptions for any apps that agree to spend at least $250,000 per 
year on Facebook advertising. [“1/ Find out what other apps like Refresh [e.g. 
competitors] are out there that we don’t want to share data with and figure out if they 
spend on NEKO [advertising]. Communicate in one-go to all apps that don’t spend that 
those permissions will be revoked. Communicate to the rest that they need to spend 



on NEKO at least $250k a year to maintain access to the data.”]. Papamiltiadis then 
states in a follow up email that Sam Lessin and Mike Vernal will provide the final sign- 
off for the plan. 

FB-00061393-95 

September 2013 email exchange discussing a message from FB employee David Poll, 
who expressed concern over the decision to restrict data access because it actually 
damages user trust and gives Facebook complete control over a user data as opposed 
to the user having control: “I was thinking about the Platform 3.0 friendjist change a 
bit as I was using my Android phone tonight and realized that two of the apps that 
most impact my day-to-day mobile experience will be completely, irrevocably broken 
by this change.” Mr. Poll then describes what these apps do on his phone and 
concludes: “In both of these cases, the apps are adding real value to my experience, 
and in both of those cases, I have zero expectation that any of my friends will be using 
the app. The fundamental problem I’m having with this change is that my friend list is 
my information - it’s part of who I am, and for Facebook to shut down this access 
primarily comes across to me as FB intruding upon and shutting down my own access 
to my own information. No matter how you slice it, this change is going to have a 
significant negative impact on my day-to-day smartphone experience.” FB employees 
discuss how to address Mr. Poll’s concerns potentially by whitelisting certain apps. 

Ime Archibong responds saying that Mr. Zuckerberg “wanted to shut off” these 
applications. 

FB-00061438-39 

September 2013 email exchange between FB employees Cross and Papamiltiadis 
preparing a presentation for the plan to restrict data access. Papamiltiadis notes that 
the decision to restrict data access to competitors is an “indirect” way to increase 
Facebook’s advertising revenues because partners either pay to access the data or 
they are shut down: “Removing access to all_friends list seems more like a indirect 
way to drive NEKO adoption.” Cross then responds that their mandate is to focus on 
the companies that pose a high competitive threat and to bucket them into: “1. Keep 
access (and verify we have an agreement with them); 2. Revoke access; 3. Keep 
access, but need to get an extended Platform agreement with them [e.g. Private or 
Extended API Agreement]; 4. Escalate (need someone else to make a call, or to provide 
more context.” 

FB-00460895-96 - Sept 2013 email in which Purdy, Sukhar, Federov and O’Neil 
prepare slides for “PS12N meeting with Javi”. Purdy: “I know there has been a few 
discussions with folks in growth, but getting Javi’s personal read is the most important 
because he is the most vocal critic of graph leakage (along with Sam) on mteam. I 
wonder if we use the same format as the meeting with Sam, save for one additional, a 
timeline slide?” Sukhar: “I prefer to just ask him what he dislikes about Platform and 
which parts he considers to be leakage. I don’t think Sam found the slides to be that 
useful.” Federov: “I think Javi will care about app friends, third party ids, info released 
per use, login v4 (any potential for not giving the app a channel to the TOSed user), 



cutting of friend data permissions. He is unlikely to care about anything else as 
would like us to shut platform down ©”. 

FB-00493943 - Sept 2013 chat string with Federov TR O’Neil Singh preparing for 
meeting with Olivan that day (did Hendrix attend mtg?). O’Neil: “We’ve been saying 
that apps can’t access non-app friends, but that’s a slightly inaccurate phrase, 
right? Want to confirm the proposed model ahead of talking to Javi today: 1/all 
apps can access non-app friends 2/apps can access these fields for each non-app 
friend: {first name, third_party_id, picture) 3/ GET /(third_party_id) doesn’t do anything 
4/ and of course friends_* are deprecated.” TR: “In this model giving the actual ids 
of friends would be a capability rather than a permission.” O’Neil: “Ah - ok, so API 
would support reading via GET /(3rd_party_id). That’s cool. Ok - so some whitelisted 
apps (presumably w/ contracts) could access id. Makes sense - thanks for 
confirming.” TR: “Eddie I fwded you an email I sent to David Wei & co abt whether this 
proposal is necessary & sufficient. Would be good to get answers to those qns from 
javi.” O’Neil: “here’s a doc David put together about leakage after yesterday: 
https://docs.fb.com/writer/ropen.do?rid=osbqe7ab6972b037643cc9a79dc76f7705ec7 . 

” Singh: “Seems like they are mostly concerned about giving access to email.” Who is 
they? 

FB-00499976 - Sept 9, 2013 PS12n meeting discussion. Federov says he is meeting 
with Vernal. O’Neil asks to join. Federov tells him “it will be most productive as the 
smallest set” and keeps O’Neil out of meeting. 

FB-00560169 - Sept 2013 chat between Lacker and Singh. Lacker: “One note on 
terminology, if something no longer works we shouldn’t call it “deprecated” - that 
typically means it works but is unsupported. In order to have a two year breaking 
change window it does seem like the old versions should only be unsupported 
once a newer version has been out for two years. For turning vl requests into using 
v2 once vl is no longer supported, that seems like it will break things and we will be 
afraid to do it. It seems like an ok strategy though if we can do it. Can we leave that 
part not explicitly publicly promised so we have freedom to change our minds later?” 
Singh: “I was thinking about versionins as “vn will have to work for at least 2 years after 
it is released”. But I tshould really be more like “vn will have to work until after 2 years 
v(n+1) is released” following what Vladimir and Kevin said. A regular cadence will be 
useful to us in this case. Even if we don’t have breaking changes, we should probably 
use versions to roll out new functionality, or move new APIs to core.” Lacker: “Yeah I 
was thinking of it as in, “No matter what day a developer starts using the Facebook 
Platform, if they use the most recent version, they can be confident it’s supported for 
two years.” Deprecated means what 643 says it means, like Lacker says. 

FB-00567344 - Oct 2013 email from Katie Faul to Cross Yang O’Neil and Bao. Faul: “I 
was ust replying to a developer question and was about to send the dev our Mobile 
Games Best Practices guide. This is a doc that our team shares with devs 



frequently. I happened to scan through the doc again quickly, and realized that the 
language in here around friend permissions is very counter to our upcoming 
platform simplification efforts and what we’re doing around user trust. Bolding is 
mine: Similar in sentiment to the ‘Make login prominent’ best practice, it’s 
recommended that you make the player’s personalized social context prominent within 
your game. When a player grants you basic read permissions, you have full access 
to their list of friends. Take immediate advantage of this and make it easy for 
them to connect to their friends within the game. Don’t force people to recreate 
existing friendships within your game. Instead, display their existing friend connections 
right away. Should this get updated? It feels against the spirit of where we are 
headed.” 

FB-00490163 - Core Platform presentation Oct 1 2013, goal of increasing FB/Parse 
adoption in mobile ecosystem. Why increase Parse adoption if going to shut down? 
“PS12n Graph protection - discussed 3 approaches with Growth - apps only access 
app friends, apps access all friends w 3 rd party IDs, apps access all friends w/ real IDs 
and channel protection. Growth’s major concern: don’t leak communication 
channels....Growth approved this proposal: App gets all friends....” Who runs Growth? 
Who is in mtg where this was presented? What does it mean “don’t leak 
communication channels”. Try to clarify growth’s seeming approval of apps getting all 
friends. Talks about exceptions for games and says will have a friends list replacement 
for games because removing friend_* yields lower quality MFSs.” What is an MFS? 
Says “cross app promotion: non-goal to support apps doing their own cross 
promotion. Use paid FB channels instead.” Does this say they are making it harder for 
apps to do organic promotion and instead will need to pay FB? 

FB-00534994 - Oct 2013 email O’Neil to Sukhar. O’Neil: ‘Pitching PS12n to 
engineering team-by-team.... Hendrix is being tested with partners and is on track to 
launch; it may grow in scope to include some doc rewrites.” What is Hendrix? 

FB-00558443 - Oct 2013 email from Dev Chakravarti to O’Neil summarizing some 
areas O’Neil was interested in investigating further: “Help defend why we need to 
‘protect the graph’. Plot API calls per DAU Per App and generate list of potential 
scrapers. Try to uncover other unusual app behaviors that may indicate scraping 
(overuse of unusual parts of the API?).” 

FB-00427400-06 

October 2013 email exchange in which Royal Bank of Canada (RBC) expresses 
concern that its new app will break without access to the full friends list. An FB 
employee, Sachin Monga, notifies another FB employee, Jackie Chang, that RBC is 
planning to spend more money on advertising with Facebook as part of its app rollout 
than almost any other advertising campaign in Canada (“I believe it will be one of the 
biggest neko campaigns ever run in Canada”). Chang loops in Simon Cross, who 
confirms that because RBC is signing a whitelist agreement and has access to “a 



private API, it shouldn’t be affected by ps12n” and “we’ll continue to return the users 
full friend list”. No contractual, financial or technical information is communicated in the 
exchange. 

FB-00433628 - Oct 2013 Sukhar O’Neil: “I just spoke to KP. He is livid about this 
whole thing. Thinks “Protect the Graph” is flawed. Thinks we will just whitelist all of our 
friends and that’ll alienate general devs. I would say his take is like mine 3 months ago. 
Less informed but fundamentally correct. We are eroding the value of platform for 
unclear reasons...he’s constantly burning his partners.” O’Neil: “Agree that Platform 
constantly changes things and burns partners.” 

FB-00523180 - Oct 2013 email from Lee to O’Neil TR Purdy Sukhar. Lee: “Key 
concern: we’re leaking the social graph to platform developers and that needs to 
stop. Proposed solutions to date: 1/ We remove all non-app friends from the API and 
force all developers to use a FB_hosted invite dialog to reach non-app friends. We also 
obscure the FB UID sufficiently to prevent reconstruction of the social graph. The 
proposal is to move to a user-app-pair hashed ID and only share first/last name and 
profile pic for non-app friends. Pros: Completely prevents developers from building out 
the social graph as they will only have the graph for users who have TOS’d their app. 
Cons: All custom multi-friend selectors will break and developers will need to integrate 
a new FB-hosted invite dialog. Developers with multiple applications will no longer be 
able to cross-promote intelligently.... 2/ We only obscure the FB UID sufficiently to 
prevent reconstruction of the social graph. The proposal is to move to a user-app-pair 
hashed ID and only share first/last name and profile pic for non-app friends. Pros 
Custom multi-friend selectors still work and will not require integration to a new FB- 
hosted invite dialog. Cons: Does not completely prevent developers from building out 
the social graph as they may still have enough information (email, first name, last name, 
profile pic) to stitch together some semblance of the graph. Developers with multiple 
applications will no longer be able to cross promote intelligently.... “ Sukhar asks: 
“Would we give this lookup API to everyone?... I am worried that providing a lookup 
API is a sign that we’re solving the wrong problem in the first place. Would growth 
actually be ok with this?” Lee: “At the end of the day, devs are just one click away 
from discovering this on their own anyways.... We could definitely look the other 
way on this, but we’re creating a situation where devs may resort to tactics that 
actually hurt user trust in some way.” 

FB-00433628 

October 2013 chat string between Mr. Sukhar and FB employee Doug Purdy in which 
they discuss how to get another FB employee, Konstantinos Papamiltiadis, on board 
with the scheme to restrict data access to competitors. Mr. Sukhar writes that 
Papamiltiadis “is livid about this whole thing. Thinks ‘Protect the Graph’ is flawed. 
Thinks we will just whitelist all of our friends and that’ll alienate general devs.” Mr. 
Sukhar goes on to say: “I would say his take is like mine 3 months ago, certainly less 
informed but fundamentally correct, ‘we are eroding the value of platform for unclear 
reasons’”. 



FB-00575243 - Oct 2013 email between TR Gupta Sukhar Lee Federov O’Neil Purdy 
and others. TR writes: “I understand we want to make it hard for a developer to 
grow a new app by cross promoting from existing apps. The one exception is 
canvas - we want developers to be able to grow a new canvas game by cross- 
promoting from an existing canvas game, and this is what the lookup API would solve.” 

FB-00576265 - Oct 2013 chat between Sukhar O’Neil Purdy Federov. Sukhar: “How 
are you guys thinking about this now? I have spent more time with partner 
managers than ever before on this trip and the feedback on Platform 
Simplification is universally negative.” O’Neil: “The devil is in the details here - so, 
can you expand on ‘universally negative’? I doubt more partner managers have a good, 
accurate and informed understanding of PS12n, though I’m sure talking to you helped. 
©” Sukhar: “I should have been clearer. It’s universally negative sentiment before I start 
the conversation. It gets better depending on the person and my ability to defend it at 
the time. The reason is we have not clearly communicated the reasoning behind 
the deprecations and the work we are doing to replace some of the use cases. In 
the absence of that, it looks like a confusing initiative mostly centered around 
Core which to them doesn’t seem nearly valuable enough to trade off with their 
partners.” O’Neil mentions a deck he showed to the Mobile Platform team last week, 
which was well received. Sukhar responds that the deck is fantastic. Then Sukhar 
says: “Interesting that we’re pitching as ‘protect advertising platform’ because my 
take was always that ‘protect against WhatsApp’ was much more the driver. 

Good: that’s a much clearer line of reasoning and easier to defend. Bad: it’s not a 
line of reasoning I have heard before.” Purdy asks if the deck includes the model 
they discussed. O’Neil writes: ‘yes, it includes a high level model of the aligned / 

competitive model we discussed last week. That said, I’m worried that we have 

conflicting goals - graph protection with no impact on apps. And, I expect it will take 
more time to land a solution.” Sukhar: “Conflicting goals amonst whom? Us? The 
company?” O’Neil: “Us, not limited to the folks on this thread. © Also discussed with 
Eugene a bunch last week.” Sukhar: “I’m not advocating for graph protection with 
no disruption. That’s clearly impossible. I just don’t understand exactly what the 
“graph protection” goal is and that worries me in terms of the resulting product.” 
O’Neil on Eugene: “He sees value in 3 rd party IDs because they protect against bad 
behavior / data aggregation.” O’Neil: “RE disruption: cool. My statement also 
comes with two goals Kevin, doug and I talked about last week - little impact to 
developer sat and revenue neutral.” Sukhar: “Ah - well, that will be challenging ©” 
O’Neil: “Indeed”. O’Neil: “Would like to find a way to tease apart FB’s value as a 
business from...the idea that there’s no need to protect the graph and that apps 
should be able to access data just because it exists. I’ve had a couple of 
conversations that question whether the Graph needs protecting and ask why 
apps can’t just read all the data.” Purdy: “What is the rationale?” Frankly, I think it’s 
different philosophies about developers and apps.... I think a solution is to help folks 
understand FB’s long term value as a company and the kinds of product 




experiences we want to build. And how that relies on protecting the Graph asset 
that’s hard to replicate but easy to leak.” Purdy: “ok. Thanks for the context. I don’t 
think we have too much time to debate this. We need to be executing on this plan. I 
want the parse team to be happy with the plan here, but I think we have moved 
past reopening our philosophy on user data. How can I help here? What are we 
blocked on?” Federov: “We chatted and I think kevin’s argument was more about if 
bringing this presentation up will help or hurt parse team morale.” 

FB-00577598 - October 22, 2013 Platform Simplification Presentation (black 
background). Chart with NEKO adoption hovering around 30-40% for top 2000 apps. 
Platform has problems, developers don’t trust, users don’t trust, platform is misused. 
Shows User Trust data on slide 8. The ones Cross circles: [“I don’t want to lose control 
of my information that is shared with apps/website” (14%, 13%) (June, Sept). 
“Apps/website using Facebook login often ask for unnecessary 
information/permissions (12%, 13%). “I can’t login without sharing any information 
about myself.” (10%, 12%). “I can’t easily control what information on the app/website 
uses for advertisements/marketing” (5%, 6%).] Uncircled: “I can’t easily control what 
information shows up in my friend’s newsfeeds from apps/website” (12%, 12%). “I’m 
afraid of someone hacking into my Facebook account” (9%, 10%). “I don’t want apps 
to see that I use certain apps/website (e.g. dating) (7%, 8%). “Logging in with 
Facebook doesn’t provide me with any obvious benefit (9%, 8%). Shows Top Daily API 
calls and get.user/friends is 8 th on list at 3.7% or 941M daily calls. The 7 calls before it 
are all related to basic user info. User/friends is the most called endpoint other than 
basic calls necessary for the app to function w fb. User/friends is called more often 
than user/picture (838M calls per day). Shows Top Daily API Callers, virtually all games 
except Microsoft. Shows apps who are requesting user friendlists most and Waze is 
the top. Waze makes 96% of all get.user/friendlists requests at 16.6M per day (614). 
YouTube, Klout make the most daily get.user/feed calls (615). Slide for “Daily Use of 
the Graph” shows “Permissions to be publicly deprecated (i.e. made Partner APIs)”. 
The two most popular are read_stream (41,191 apps call this permission each day) and 
friends_* (13,350 apps call this permission each day). “Takeaway: APIs intended for 
use by FB replacement apps are widely misused by Game / Non-game apps”. (618) 
App Taxonomy slide. Four buckets: “Pure competitor (Messaging apps, contact apps, 
FB replacement clients); Potential Competitor (Dropbox, Path, Evernote, Twitter, 
Pinterest); Aligned (Games, Commerce, Nike, NYT, Spotify, Tinder, and apps that ride 
on our graph); Partner (Apple, MSFT, Samsung and partners with contracts).” Then 
displays the allowed products (623). “Partner (need a contract with FB) to access non- 
app-friends, friends_*permissions,” etc. (631). “Fully Deprecated: XMPP Chat API, Reg 
Plugin, etc.” (632). Shows what is fully deprecated versus what is privatized. “Protect 
the Graph: mitigate this cycle: 1.3 rd party apps read user / friend info. 2. 4 th parties 
assemble info from multiple 3 rd parties. 3. 4 th parties then sell aggregated user profiles 
to 5 th parties. Reduces our value as an advertising platform [high fidelity user profiles is 
the value of our ad platform]” (642). “Protect the Graph: Make it difficult for 4 th parties 
to aggregate user info. May be painful for developers. Will still support core Game 



scenarios.” (643). “Protect the Graph: Deprecate read_stream [hi-pri directive from 
Mark]” (644) 

FB-00579914 - Oct 2013 email between Silver and others describing a meeting with 
O’Neil and Cross. Silver: “Had a good meeting with Eddie O’Neil...where we discussed 
what’s changing for the developers and what’s changing for us internally. There are 
public facing apis for the platform and private apis that select partners will either be 
whitelisted or sign contracts to access these apis (ie: public feed api, friends.get*, etc), 
we need to map out the lifecycle for the developers and what those internal 
touchpoints/support would be.” Leow then summarizes: “Simon: Prepare whitelist of 
Partners for Private APIs”. 

FB-00422062 

October 2013 chat string in which FB employee Eddie O’Neill asks other FB employees 
to list non-game apps that use the full friends list and employees quickly rattle off a 
number of apps, including: Kickstarter, Bandsintown, Strava, Waze, Instagram, Vamos, 
Foursquare, Songkick, Shazam, Deezer, Spotify, Mixcloud, EyeEm, Wrapp, Tinder, 
HotorNot, Tripadvisor, Nike, Sosh. It is public information that these apps used this 
data as you can tell just from using the app. 

FB-00431352 - Nov 2013 Cross: “With PS12N, we’re moving to a world where we’ll 
have many more private APIs than we have today. We’re also moving to gate access to 
all these private APIs using the Talent tool rather than GKs or their own sitevars.” 

FB-00461116-25 - November 2013 email Cross, O’Neil, Archibong for “Platform 
Simplification - Partnerships/Ops progress update”. Cross notes: “Capability 
Cleanup: Goal: reduce the risk of exposure posed by apps with existing access to 
whitelists: currently 315 capabilities, 5200 apps, 23,000 cap-app pairs...la pre¬ 
approve apps for new whitelists (e.g. read_stream, friends_* perms, goal: protect 
strategic use cases from the public deprecations”. Cross then works with Hillery 
Cortez who works for Chris Daniels to setup a meeting where the goal is “to present to 
everyone in Partnerships/Operations, BD and PMD/Sales who will be involved in the 
delivery of Platform Simplification—to give them a high level overview of the rational for 
this initiative, the timelines, the work streams involved....” WAS USER PRIVACY 
DISCUSSED IN THIS MEETING? 

FB-00527706 - Nov 2013 task “Gate docs based on capabilities granted to apps of 
which the viewer is listed as a developer”. Hendrix on thread. Cross: “With PS12N, 
we’re moving to a world where we’ll have many more private APIs than we have 
today. We’re also moving to gate access to all these private APIs using the Talent 
tool rather than GKs or their own sitevars.” 

FB-00461149 - November 2013 Highlights from Sukhar: “We’re going to launch PS12N 
API & permission changes as part of Login v4 in terms of messaging (User Trust). The 



new stuff (versioning, SLA, new APIs) will launch at the same time but will be 
messaged as a new focus on developers and mobile.... Hendrix launch is down to 6 
blockers, almost all just pending a diff review.” 

FB-00521468 - Nov 2013 email from Chang to Partnerships team with platform 
update: “Capability Audit: Audit of 5200 existing whitelisted apps with the goal to put 
80% into sandbox mode or remove them from the whitelists altogether and mapping 
remaining to Salesforce. New Whitelisting process: designed a more formalized 
process for whitelisting internal & external apps with Legal & Privacy XFN. Working with 
Product (Marie) to reflect updates needed to the Capability tool to support. API 
Privatization: Finalizing with Product (Eddie) a set of 54 apis to become privatized. 
Working on the first cut of top tier apps to be evaluated for extension/exemption.” 
(73) 

FB-00461191 - December 2013, O’Neil preparing the partnerships meeting slides for 
PS12N and Vijay S provides an edit in which he “avoids referring to this as PS12n”. 
What was the new name they used to refer to it? 

FB-00434554 - Dec 2013 O’Neil Cross - “PS12N Whitelist Pre-Approvals Master Table 
of all apps impacted by PS12n deprecations” 

FB-00567905 - Dec 2013 Cross O’Neil task “PS12n will introduce a new set of 

Capabilities to allow apps to continue using to-be-deprecated features.” 

FB-00279843 

December 2013 email from John Zimmer, the founder of Lyft, to FB employees 
accusing FB of deliberately permitting Uber to violate FB’s policies to give Uber a 
competitive advantage against Lyft. Uber was using data from Facebook in a way that 
clearly violated Facebook Platform policy to directly target Lyft drivers to try to get 
them to switch to driving for Uber. [“This is upsetting and different than what was said 
before when we were told you had found the issue. We continue to see instances of 
this. This seems to be a major Facebook privacy and platform flaw that press would be 
interested to know about. I really don’t want to be difficult, but this lack of enforcement 
is hurting our business and we will have to take our own next steps. Please let me 
know the names of the department heads that are involved in this.”] No contractual, 
financial or technical information is communicated in the exchange. 

FB-00499962 - Dec 2013 chat with Sukhar and O’Neil. Sukhar mentions a PS12n 
meeting that isn’t on O’Neil’s calendar on December 17, 2013 - who attended this 
meeting? O’Neil mentions a pitch from Purdy around transitioning Platform’s focus into 
“an API program targeted at games but have no idea if the rev share idea will work.” 
Sukhar responds: “I still want to get a better read as to why the horizontal platform 
isn’t interesting anymore but for the time being it’s a reasonable justification for 
platform ©” 



FB-00499966 - Dec 2013 chat between O’Neil and Naor on Naor’s birthday. O’Neil: 
“What happens when we deprecate friends_birthday next year? ©” Naor: “Thanks, 
yeah it’s going to be sad. That was live for 3 years now - I just wanted to give ios7 look 
and feel therefore the major update.” O’Neil: “Yeah, it’s going to be especially bad for 
birthday notifiers...” Naor: “yeah and dating apps ©”. O’Neil: “The dating apps will be 
interesting - Lulu will be hit hard, but Tinder will be fine.” 

FB-00510486 - Dec 2013 email from Scott Carpenter: “My wife (Brazilian) is telling me 
that many of her female friends and family are deactivating their FB accounts due to an 
app called “Tubby App”. It’s apparently like LuLu but where men rate women sexually 
(and it is pretty vulgar). I suppose that similar to LuLu they are not technically violating 
policy since users are authorizing friends_* permissions. Still, how is this really 
different than other apps we have blocked for competitively copying our friend 
graph?” 

FB-00454693-700 - Jan 2014 PS12N impacts on games. (700) Amir Naor explicitly 
notes that games will be exempt from non-app friend list deprecation and that a 
separate API will be provided to them for ranking purposes to fill the hole from 
friends_* permissions deprecation. (699) Ling Bao writes that O’Neil will be the PM for 
Login v4 in the first half of 2014: “Login PM will be Eddie in HI which lines up nicely as 
he owns the rest of ps12n which simul-launches w/ v4. George Lee clarifies how the 
non-app friends APIs will work: “We are taking this away for unapproved devs and 
games will be whitelisted, but we still are splitting the API into two distinct APIs: api 
friends and non-app friends (aka Invites API). So, whitelisting is really for the Invites 
API. The task for the new API is #3388371: provide an invite graph API of friends for 
developers and it seems there are additional needs like specifying device filters for the 
API...I was assuming that Eddie’s team would do the work around removing in-app 
friends frm the existing friends.get API...@eddie - let me know if that is incorrect...” 
O’Neil responds: “on non-app friend deprecation: API team is building this. Vish and 
Harsh are driving. How it surfaces in the API is TBD. Open to suggestions.” O’Neil in a 
follow up note sends the task for deprecating friends_* permissions 
https://our.intern.facebook.com/intern/tasks/?t=3003710 

FB-00434429 

January 2014 chat string discussing the plan for restricting data access to competitors 
in which FB employees share their impressions around the risks and benefits while 
preparing a presentation for Mr. Zuckerberg. Mr. Sukhar writes that these decisions 
around restricting data access are things he would like to hear directly from Mr. 
Zuckerberg. [“I think these are things I’d like to get from Mark [Zuckerberg]: (1) Is he 
comfortable with the broad devaluation of Login? (2) Is he comfortable killing the 
prospects of a lot of startups (some of which are good like Venmo and Tinder and I 
think we should emphasize that more)?” Mr. Sukhar explains his concerns based on a 
major exception Facebook granted Apple that undermined the public narrative around 
user trust: “My concern is around the perception that we can’t hold our story together. 
We’re going all-in on the user trust message as our reasoning for doing the v4 shakeup 





and it’d be sad if the TechCrunch article clearly pointed out that there was an easy and 
obvious workaround on iOS....” 

FB-00481692 - Jan 2014 Cross sets up a task for “PS12N Affected Apps Outreach: 
Determine prioritization of apps that will have features deprecated / privatized 
with PS12N outreach.” FB-00481693 - “There will be a lot of developers affected by 
deprecations and privatization of APIs with PS12N. This task specifically focuses on 
the APIs that are moving from public to private/deprecated. We need a way to filter, 
prioritize and identify these apps for the following purposes: Pre-Launch: reach out to 
sensitive apps (see 3338917). Post-launch: 1/ reach out to important apps to explain 
the changes and give our Platform a more human element. 2/ filtering & routing 
submissions from impacted devs who appeal and have valid use cases (see 3147891).” 
Check for these two additional tasks 3338917 and 3147891. 

FB-00528042 - Jan 2014 email from George Lee to Purdy, O’Neil, Sukhar, Bao, 
Koumouzelis and others, subject “implicit OG feedback from games devs”. Lee: 
“BTW...I hope this is not surprising to anyone. We sold developers a bill of goods 
around implicit OG 2 years ago and have been telling them ever since that one of 
the best things they could do is to a/b test and optimize the content and creative. 
Now that we have successes like Criminal Case in 2013, we’re talking about 
taking it away. The metrics quotes below only tell half the story...not only do they get 
an important amount of traffic from this channel now, they have invested a lot of time 
to establish that traffic in our system. Even if we were to give them more traffic on 
home page in some other way, it still nullifies all their work to integrate OG for the 
last 2 years. The more I think about this, the more concern I have over the pile of 
asks we’re making of our developers this year. PS12N is going to require them to 
alter how they deal with APIs (and for limited value), removing implicit sharing 
reverses a storyline that we’ve been pushing for 2 years now, and login v4 
complicates the permission structure. We can measure the quantitative impact, 
but the qualitative impact is what could severely and irreparably hurt our canvas 
ecosystem. I know you’ve all heard our concerns, but we’re reaching a poignant 
moment here where it should be clear to everyone that this could be a very very 
painful transition.” 

FB-00528137 - Jan 2014 email from O’Neil to TR Singh Koumouzelis and others 
preparing for Vernal and Zuckerberg meetings on full friends list. O’Neil: “we have two 
reviews coming up in the next week starting Friday, 1/24 with Mike and on Monday, 
1/27 with Mark.” (38). References two outstanding issues - user_friends and non-app 
friends (NAF). Proposal for Mark is that “an app can get NAF from the /friends endpoint 
if we approve that access.” (37) Did Hendrix attend this meeting on 1/24 or 1/27? 

FB-00528201 - Jan 2014 O’Neil task for “PS12n Whitelist Process Agree Legal 
requirements for whitelist access” 



FB-00556670 - Jan 2014 Purdy Sukhar email string. Purdy restates the user trust and 
control message (71) and then states: “The above user trust message only really 
hangs together if [we] introduce the user model changes with the developer 
changes. They don’t need to ship together, but I think we need to outline our plan 
here to people and the ecosystem in one fell swoop. Please pushback if you 
disagree.... I think we need to decide if we should actually use f8 to address and 
potentially amplify this message. That may be provocative, but I think it is an idea 
worth exploring.... If we decide that we should create space between this user trust 
message and f8, how much space do we need? Should we push f8 to fall? FWIW: If we 
have to trade off between the cohesion of this message and f8, I am squaring in the 
move f8 bucket.” Sukhar: “If it were my call alone, I wouldn’t do f8. We don’t have 
enough value to deliver to developers.” Purdy then mentions the 1/24 Vernal review 
and the 1/27 Zuckerberg review. Who decided to announce at F8? 

FB-00576663 - Jan 2014 O’Neil task “PS12N Affected Apps Outreach Determine 
prioritization of apps that will have features deprecated / privatized with PS12N for 
outreach”. 

FB-00576789 - Jan 2014 O’Neil task “Support in Hendrix for per-version guides and 
docs.” 

FB-00545863 - Jan 2014 email from O’Neil to himself writing reminder notes on tasks. 
One of them is “follow up with mark on read stream”. 

FB-00545978 - Jan 2014 email around implicit newsfeed stories. Purdy asks Greg 
Marra where the plan to “kill action links from platform feed stories” came from: “is it 
Cox, Mark, both or other that is giving that feedback? What is the primary 
motivation?” Was Hendrix in the “executive reviews” with Greg Marra, Cox and 
Zuckerberg in which they discussed this? 

FB-00548667 - Jan 2014 chat with Purdy noting meetings scheduled with Mike and 
Javi on 1/21 and Mark on 1/24 (messenger platform, sukhar owner), Mike on 1/24 and 
Mark on 1/27 PS12n O’Neil owner), Mike on Feb 3 and Mark on Feb 4 (games Lee 
owner). Did Hendrix attend these mtgs? 

FB-00548864 - Feb 2014 email from Creitz to O’Neil seeking approval to share PS12n 
with Microsoft before announcement so they can work on a workaround together. Also 
with Sony. Creitz: “we need permission to share certain aspects of platform 
simplification with them, before f8 (and as close to now as possible). This will allow 
them to architect their system for smooth implementation of the switchover. I believe 
that you might be the person who can authorize that. Because they have been working 
with us all along, that authorization will also need to extend to Sony’s Playstation team, 
as it would be very poor form to favor MS over them given our history of ongoing 
successful cooperation, compared to the stalled and recently restarted MS 
relationship.” 



FB-00587485 - Feb 2014 email between Archibong Cross O’Neil Chang discussing 
PS12n presentation for an Archibong mtg with Rose. Archibong: I’ve made some 
format and language suggestions/tweaks...The area where I’ve added a couple words 
in, is in the “Exemptions” section. This will be the area that Dan will want to discuss the 
most. Remember that he’s of the mindset that we shouldn’t have a whitelist for 
anything, so we’ll have to explain to him why these three buckets are necessary.” 
Chang: “Actually, here’s an updated version. I’ll explain on the call, but in essence 
we’re not going to grant any exceptions, only extensions based on contract and 
partner sensitivity. Where I’ve labeled ‘exemptions’ are actually private apis today that 
allow for friend data to be read... I believe we should keep maintaining these apis as 
private strategic ones - however, it’s worthwhile acknowledging this as there’s been 
some confusion by partnership teams on how we plan to maintain these going 
forward.” 

FB-00454708 - Feb 2014 Discussion of engineering items remaining for Graph API 2.0 
rollout, explicit recognition of whitelisting and making it easier to whitelist. Assumption 
that the announcement is going to mention these deprecations and there’s going to be 
blowback from developers. Lee “We also have plans to reveal all of these at 
f8....There will probably be some discussion after f8 on whether the reaction from 
developers warrants some fallback or other kind of response, but I don’t think we 
can spend any more time speculating. We just need to get this stuff out there and 
figure out what the implied impact will be once we get developer feedback.” TR: “Want 
to make sure we’re all on the same page wrt what ‘login v4’ means, since it has also 
been overloaded as an uber term for all ps12n work’. Jeff Spehar: “This to me sounds 
like something that will become a ‘permanent’ migration because granting some 
friends_* info feels exactly like the type of thing that we’ll want to give a small set 
of whitelisted partners so I’m wondering if we’ve thought about enforcing this 
entirely via perms review.” Spehar makes clear that the plan is to give unequal 
access and by using permissions review as the mechanism, it makes it easier to 
determine which developers they want to give access to versus which they want to 
disadvantage. 

FB-00456587 - Feb 2014 task with Cross, O’Neil, TR, Singh and others for “Gate 
access to non-app-friends by a capability”. This is the task that permits certain apps 
to continue to access the full friends list. Cross writes in the task description: 
“Apps which have enabled the platform simplification migration won’t get access to 
non-app friends. That means calls to /me/friends will only return the subset of the 
user’s friends who have also TOS’d the app. Some apps have a valid use case to 
access non-app friends. Examples: -Venmo allow you to send a payment to a non- 
app friend - Bing needs this to display public data from your friends which they 
acquired via the firehose. As such, we will need a new capability: 
“can_read_non_app_friends”. When apps with this capability request /me/friends 



AND where the user has granted the user_friends permissions, the API will return 
the full set of the users friends, including friends who have not TOS’d this app.” 

FB-00456733 - Feb 2014 task “Update examples in FBRell JS Console to not expect 
canonical IDs” by Cross noting that “PS12n changes how we want developers to think 
about Platform” and so they need to make changes to FBRell. What is FBRell? 

FB-00433999 - Feb 2014 O’Neil Task “Let apps request access to non-app friends via 
a helpcenter form”. What does this mean? 

FB-00434121 - Feb 2014 Task “Return only tosed friends to an app”. On the task are 
TR Vishwanath, Cross, O’Neil and Singh 

FB-00434129 - Feb 2014 Task “Remove Implicit Platform Stories” - “Goal: Move the 
developer ecosystem to an explicit story model without seriously damaging our key 
partner relationships or games business ASAP” 

FB-00476022 - Feb 2014 chat string between O’Neil and Sukhar. O’Neil: “What makes 
you uncomfortable with this plan?” Sukhar: “Just the optics of launching deprecation 
at an event.... Jonny had a good outlook in that launching things after f8 will be even 
harder to get right because folks will be exhausted. So, let’s just roll with it.” O’Neil: 
“OK - I think this will be a good message. The model changes will indeed be hard on 
developers, but it will be really hard to argue against the people-centric message of the 
changes. Overall, it’s good for FB with some collateral damage to the developer 
ecosystem.” 

FB-00454416 - Feb 2014 Final Task for Removing Implicit Newsfeed Stories - lots of 
discussion among O’Neil, Purdy, Chang and others regarding user trust aspect of 
implicit sharing since users may not know they’re posting the story to FB graph. 
Discussion of impact on Pinterest, whose traffic will tank as a result of this. Also 
discussion of Netflix and Spotify. Chang suggests using this change as leverage to get 
Netflix to agree to entity card discussions. Chang then notes: “agreed with Peter Yang 
on all or nothing as the messaging sounds pretty terrible - because we’re basically 
saying implicit stories are terrible except for music and games. I think this is even 
more so why we shouldn’t spell out how we’re changing newsfeed algo in the 
reactive partner msg as it will make it very clear that we’re being inconsistent in 
our standard and arbitrarily controlling nf distro for partners.” Purdy: “I don’t think 
we are communicating clearly. I am likely going to call a meeting of the key 
stakeholders this week as there is too much discussion on this task. 1. We shouldn’t 
be saying anything about how we are removing these stories (special casing 
games/music for a little while), just that we are removing these from feed over the next 
few months. 2. Once this change is complete, we are not going to ever show implicit 
stories in feed/ticket, we are going to use the implicit ^actions to create special 
game and music recommendation stories. If the vertical is important enough, like 
movies maybe, we can do the same thing”. 



FB-00058030 

February 2014 chat string between Mr. Sukhar and FB employees demonstrating 
clearly that Mr. Zuckerberg helped drive the decision in February 2014 to communicate 
to the public that the reason Facebook was restricting data access was because of 
user trust and privacy concerns. [“After discussing a bunch with Zuck, we landed on 
making user trust a core theme of f8.... After all, this is a big change to put the power 
in the hands of people and we need to do it the justice of a thorough announcement. 
Who better to do it than Zuck? Now, that doesn’t mean we’ll be enumerating specific 
deprecations on stage or anything. It probably means we announce the new Login and 
have a workshop about the changes later in the day.”] 

FB-00497521 - Feb 2014 email from Ellen Silver to O’Neil asking when the Zuckerberg 
review of ps12n meeting will be held regarding a decision to remove 1,533 whitelisted 
apps for housecleaning since they are dev/test apps but mistakenly set in production 
mode. Task notes that there are 5,300 capability-enabled (whitelisted) apps. Silver’s 
comment shows that this should be Zuckerberg’s decision because it is related to 
PS12n: “Hey Eddie - what day is the Zuck review for PS12n?...l’m curious if there are 
other drivers in getting this sandbox email out on 2/11 as opposed to waiting for after 
the Zuck review? Is there any downside to waiting a few days? While I understand it’s 
somewhat independent from PS12n/Loginv4 and good housekeeping practice, I just 
think our developers are smart, some will speculate and may inadvertently take away 
from the “moment” we’re looking to create with PS12n/Loginv4.” Did Hendrix 
participate in this Zuck review? 

FB-00499978 - Feb 2014 chat with O’Neil and Cross discussing a developer 
presentation. Cross was not happy with the FB employee who spoke before O’Neil 
because he didn’t do a “great job of (a) explaining our plan and rationale and (b) 
owning/shaping the discussion. I get itchy when I know we could be clearer in framing 
and explaining. Shame we didn’t get to sell removing friends_* and login review more 
strongly.” O’Neil: “Yeah, we decided not to talk about Login Review at all and to talk 
about friends_* as a consideration rather than a plan. Didn’t want to commit 100% 
since we have 2 months until launch ©” 

FB-00500041 - Feb 2014 email with O’Neil and Sukhar. O’Neil: “Any update on the f8 
/v4 plan with Mark?” Sukhar: “not yet talking to him tmrw lish”. Did Hendrix 
participate? 

FB-00510070 - Feb 2014 task O’Neil and Ashley Moore “PS12n Let apps request 
access to non-app friends via a helpcenter form.” “With PS12n, Apps won’t get 
access to non-app friends when calling /me/friends. However Games on Canvas with 
Credits will automatically get this. The other main use case for non-app-friends (NAF) is 
tagging, but we’re building a tagging API to satisfy this case. Given that,, there are 
VERY few cases where we want an app to have non-app friends. This ability will 
be gated by the capability. However, we still want apps to be able to request 
access to NAF, but not make this a core part of the developer experience.” 



FB-00510171 - Feb 2014 task “PS12n Capability Cleanup Remove 698 Apps from the 
Capabilities Tool (as specified by Partnerships teams)”. Cross: “The partnerships 
teams have completed their review of the ~5300 Capability-granted apps. They 
have determined 698 apps should be removed from the tool. The app won’t be 
deleted, it will remain in whatever state it is now...but these apps will no longer 
have access to the special features provided to them by whatever capabilities 
they currently have.... Plan: 1/ we do NOT intend to notify the developers of these 
apps in advance. Many have access to things they shouldn’t have, many others are 
dormant or dead apps - there is little value telling people we’re taking something away 
they didn’t know they had. 2/ Partnerships will be provided with reactive 
messaging in order to use if a developer complains or raises alarm. We have the 
ability to re-add an app to the capabilities they had before if we made a mistaken 
judgment. 3/ We will bulk remove all 698 apps from the tool at once, once we have the 
go-ahead from Doug.” 

FB-00510183 - Feb 2014 O’Neil task “Return only tosed friends to an app” 

FB-00517405 - Feb 2014 email between Sukhar, O’Neil, Gupta, Poll, Lacker, 
Koumouzelis trying to resolve how not to leak friend graph with new Invites API. Gupta 
gives options for how to handle with option 2 saying “This is also in keeping with the 
ps12n goals of not leaking the unTOSed friends graph.” 

FB-00558390 - March 2014 task Cross O’Neil “PS12n Privatizations ensure 
v2.0/FRIENDLIST_ID/members includes non-app friends for apps with 
manage_friendlists perm 

FB-00549033 - March 2014 chat string with Krishnan O’Neil Hendrix Lacker. Krishnan: 
“How do we think about prefill policies (section IV.2 from 

https://developers.facebook.com/policy) when it comes to our own apps. For example, 
Messenger and Paper both now add a download link at the end of messages. It seems 
a bit odd that we block other developers from doing things on our platform that 
we’re ok with doing ourselves. Do we consider ourselves exempted?.... that 
seems a little...unfair especially when our stance on some of these policies is that 
they’re about ensuring trust and a great experience. My mental model on how 
platform is a level playing field could be way off though.” Lacker: “as a product 
Messenger is willing to sacrifice some trust and experience for growth. We aren’t 
letting platform developers make the same tradeoff because we don’t value their 
trust-vs-growth tradeoff the same way. I think it will just be inevitable that what 
our own apps do will not be on the same playing field as platform apps unless we 
have some way to consider ourselves to benefit from unpaid growth for platform 
apps.” Hendrix: “We strive to have parity with our policies, but there are times 
where we make decisions like these that will help our products gain distribution... 



That said, we still prohibit URL inserting and I think we should continue to do that 
despite the fact that we may elect to do so ourselves.” 

FB-00482145 - March 2014 O’Neil task “deprecate - privatize friends_* 
permissions” 

FB-00510419 - March 2014 Singh/O’Neil/Cross task “PS12n only return app-friends 
via v2.0 by default, unless the app has various capabilities which bypass that 
restriction.” Cross: “Some apps have a valid use case to access non-app friends. 
Examples: Venmo allow you to send a payment to a non-app friend - Bing needs 
this to display public data from your friends which they acquired via the firehose. 
As such, we will need a new capability: “can_read_non_app_friends”. When apps with 
this capability request /me/friends AND where the user has granted the user_friends 
permissions, the API will return the full set of the users friends, including friends who 
have not TOS’d this app.” 

FB-00510421 - March 2014 Cross task “Fully deprecate (not privatize) Checkins and 
Locations APIs and Permissions”. Shows that they recognized a distinction between 
deprecate and privatize. They privatized accessing non-app friends but said publicly 
they were deprecating it. 

FB-00514157 - March 2014 chat string between Chang and O’Neil. Chang: “Working 
with the events team and we made the decision to deprecate the events Apis. 
We’d like to incorporate that into ps12n- (1) is that possible? (2) what’s the best way 
to go about this? As context, they’d like to extend the longer window of wind-down 
and strategically, it makes it look a lot less targeted if we can roll it into a broader 
deprecation.” O’Neil: “Hm - we should discuss. Don’t think we can deprecate the 
events API because: 1/ games built an events product on top of it 2/ pages use it to 
publish events. So we can wind down the non-game usage of events on the User 
object.” Chang: “we’re trying to build out an affiliate program where they ingest 
the events directly and collect money....i think we’d want to maintain that usage 
privately. Mostly, I think the goal would be to privatize this api since the team 
hasn’t been prioritizing any bugs and there aren’t that many devs using it where it 
makes sense to publically support it and the devs who are using it, we’re trying to 
build direct partnerships with.” 

FB-00517986 - March 2014 O’Neil task “Login session deck” where they discuss 
framing the new Facebook Login/ps12n. Jeff Spehar asks them to collect stats about 
increases in click through rates and install growth “to help the message that focusing 
on user trust has downstream positive effects for devs (even though we all know it’s 
painful)” (90). Seems like this is when they started reverse engineering the data for the 
user trust case. 



FB-00189936 

March 2014 email from Jonny Thaw to Mr. Zuckerberg providing “some early 
thoughts” on the April 30, 2014 announcement based on comments by Mr. Vernal and 
Mr. Sukhar. 

FB-00472653 - March 2014 task for “ultra heavyweight permission review criteria” with 
O’Neil Hendrix, Koumouzelis and Cross. Koumouzelis confirms that “manage_groups 
is indeed whitelist” and that he’s “working with Simon and Allison to nail this down.” 

FB-00457159 - PS12n All-up testing - Pass 2 March 2014, Cross asking developers to 
attend a meeting and cerate test apps in advance and add them to the 
“hendrix_test_apps” list. References internal URLs and “GKs”. 

FB-00457331 - “Migrate GKs to Capabilities” task from March 2014. What does it 
mean to “use capabilities instead of GKs to define blacklists and whitelists”? 

FB-00430879 - Mar 2014 TR Vishwanath and Cross discuss the Graph API 2.0 rollout 
principles - demonstrates that Login v4 and PS12N are intimately related because 
Login v4 becomes the gateway to enforce transition to PS12N. Shows they already 
knew apps using Graph API 1.0 would be retired so Zuckerberg’s announcement was 
a lie. Shows that they anticipated and planned for whitelisted apps to get exceptions. 

FB-00569387 - March 2014 task “PS12n Privatize other permissions (read_requests, 
manage_notifications, manage_friendlists etc)” 

FB-00590289 - April 7, 2014 presentation to select developers on F8 and login (Zynga, 
Rdio, etc.). Explicitly states deprecations, unlike April 30 announcement. 

FB-00570361 - April 2014 O’Neil task “Fully deprecate (not privatize) export_stream in 
v2.0+ of the API.” 

FB-00559931 - April 2014 task O’Neil Singh “psl 2n Privatize /me/subscriptions and 
/me/subscribed to in v2.0+ of the API 

FB-00558489 - April 2014 email with Cross Koumouzelis Sukhar O’Neil Federov and 
others regarding negotiating with Apple the new FB Login Review. 

FB-00558679 - April 2014 O’Neil task “Privatize user_notes in v2.0+ of the API” 

FB-00558756 - April 2014 FB employee notes photo privacy issue. 

FB-00473032 - April 2014 Cross and O’Neil discuss potential Salesforce whitelisting, 
no firm decision. 



FB-00473102 - April 2014, Peter Yang asks O’Neil and Cross in an email about 
read_stream, saying “I know this is being privatized, but are we still planning to 
deprecate it at some point?” 

FB-00472826 - April 2014 task with O’Neil, Cross and others for “Social Context API” 
in which O’Neil notes “If an app has been approved for access to all friends, 

presence in this list != TOS’ed.” 

FB-00560271 - April 2014 O’Neil task “deprecate Privatize parts of the Events API in 
v2.0”. 

FB-00562432 - April 29, 2014 Zuckerberg email to Vernal Thaw O’Neil Sukhar Liu 
Archibong Federov O’Neil. Zuckerberg: “No real changes to the script since last 
night. The only slide change that I think might be nice would be to highlight 
Anonymous Login a bit more by showing an account synced across a phone and a 
tablet when I mention that feature. This can be as simple as just showing the two 
screens with the same content (it would need to be non-default content to show it 
synced). Should hopefully not be too hard to build into that flow and would help 
highlight this feature some more.” Shows Zuckerberg directly worked on this speech. 
Did Hendrix participate in the drafting of this speech? 

FB-00188603 

April 2014 email from Mr. Zuckerberg’s communications assistant, Jonny Thaw, 
demonstrating that Mr. Zuckerberg personally drafted the April 30, 2014 
announcement that is central to the allegations in the SAC and TAC: “Mark wrote his 
script for f8 yesterday.” 

FB-00411864 

April 2014 email exchange between FB employees Dan Rose and Eddie O’Neill in 
which Mr. Rose raises the possibility that restricting data access to games will 
substantially lessen Facebook’s advertising revenues from games, and since games 
aren’t competitive with Facebook, Mr. Zuckerberg needs to make the decision as to 
whether Facebook should make an exception for games and permit them to maintain 
access to data that is being shut off to other applications. [“If we determine that these 
changes will have a substantial negative impact on canvas revenue, we need to get 
this in front of Mark [Zuckerberg]...before it’s too late to turn back. There could be a 
scenario where Mark decides the revenue hit to canvas isn’t worth the platform 
harmonization benefits [the benefits of restricting data access].” 

FB-00499947 - April 2014 chat with Cross and Blizzard where Blizzard checks the 1- 
year deadline with Cross. He was “just making sure we don’t scare the ever living shit 
out of developers.” 



FB-00482084 - April 2014 Kinsey and Helmer discuss privacy permissions in the 
“Platform Trust” group. What is Platform Trust group and when was it formed? Kinsey 
writes: “I don’t see much point in testing this since the data will be void come f8.” Why 
is Helmer testing to see if the ordering of permissions affects whether they are 
selected? Seems like they are collecting data on privacy after the fact. 

FB-00482093 - April 2014 O’Neil task “PS12n Privatizations - ensure 
/v2.0/FRIENDLIST_ID/members includes non-app-friends for apps with 
manage_friendlists perm”. This is the task to give certain apps special access to the 
data that 643’s app needed to function. 

FB-00454360 - May 2014 Hulu whitelist discussion regarding login on their TV app. 
O’Neil, Cross, Archibong, Hurren. Shows URL 

https://our.intern.facebook.com/intern/platform/talent/group_details.php?group_id=Hul 

u_auth_login ” - shows they managed whitelist agreements through the Talent platform. 

FB-00433725-28 

May 2014 chat string among FB employees in which FB engineer Sean Kinsey 
provides his impressions on Facebook’s inconsistent, arbitrary and unequal platform 
enforcement: “we hold developers to different standards - it’s pretty amazing that no- 
one has called us out on this already. We let games get away with things we publicly 
document we don’t allow regular apps to do.” Eddie O’Neil responds: “I see the 
inconsistency, we just decided that it was worth it.” Kinsey then responds: “It’s ironic 
that we’re exempting the one category where trust is paramount (money is involved) 
from taking part in building that trust ©”. 

FB-00556827 - June 2014 email noting academic apps like CollegeConnect that “no 
longer function because they can’t access a user’s friend through the API. In the case 
of CollegeConnect, this is a multi-year project that has been funded by the Gates 
Foundation, and “visualized social networks to help lower income students find better 
and more successful routes to university”. My friend Bernie Hogan, who has been 
developing it at the Oxford Internet Institute is wondering what his options are now. Are 
there any exceptions being made for such projects?” Leow responds: “If they want to 
extend past that period [April 2015], we have a feature request contact form that gets 
evaluated by a XFN team to catch ‘awesome use cases’ we may have missed. Simon 
and Eddie are good people to run ideas by.” 

FB-00472907 - August 2014 task with O’Neil for “Users who disable platform should 
not appear in /me/friends or any MFS.” O’Neil notes, “People who care about this 
really care about this - we should fix this as soon as possible. The model is that if you 
disable Platform, your FB profile does not exist in the context of 3 rd party, non-FB 
mode apps.” Demonstrates FB had a privacy flaw outside the control of 
developers and did not fix. This bug was reported before they rolled out the changes 
and task reaper said “This task has not been updated in over 3 months” and they never 
fix it before announcing the changes. 




FB-00556251 - Aug 2014 FB employee Larry Schrof complains that one of his friends 
uploaded an album and he got seventeen different notices for each photo. Horrible, 
intrusive experience that FB built. Shows didn’t address privacy properly. 

FB-00472731 — Sept 2014 task with O’Neil for “PS12n Whitelist Pre-Approval Review 
Financial/Banking/Payments apps affected by PS12n for potential whitelisting”. 

FB-00454582 - Oct 2014 Cross O’Neil KP Task for Ordered Friends List. Proof that 
they had a whitelist for returning non-app friends in Graph API 2.0. Proof of arbitrary 
decision-making giving Netflix access to non-app friends but not Pinterest. “We have 
a whitelist only API called orderedfriends. In API v2.x it returns non app friends. 
The expected behavior is that it should return only app friends. As an alternate 
solution, we should just not support this endpoint anymore after vl. The only partners 
using it are Pinterest and Netflix, as listed here: [url for Talent tool].” KP: “My 
recommendation to Eddie and team has been that we preserve access to this API 
for Netflix, including non-app friends as part of their Titan API integration.... I am 
100% in favor of the idea of removing it for Pinterest for 2.0 but I would not 
recommend removing it for Netflix going forward.” Cross: “So I’m game to keep 
this for Netflix, but think we should remove for Pinterest as they won’t continue to 
get full friends, and it’d be better to avoid the eng work to scope this to app-friends 
only.” 

FB-00599536 - Oct 2014 email in which KP offers Badoo common friends private api 

FB-00600167 - Oct 2014 email in which KP Archibong and Tretti discuss Pinterest 
abuse of Ordered Friends whitelist API, making way too many calls, concerned about 
leaking graph. Realize it’s not as bad as it seemed. KP notes that “The possibility of 
using invites requests has unblocked their migration plan. They were reluctant to do so 
earlier, as long access to non-app friends that they use for their growth would not have 
been ideal for them.” Indicates Pinterest still had access to non-app friends. 

FB-00045908-09 

October 2014 email from FB employee Nikhil Bobde asking five other FB employees: 
“Are there any legal implications if we whitelist some apps and not the others? Just 
checking.” After receiving no response for over two days, Mr. Bobde pings the 
employees, and one of them, Dhiren Patel, responds: “There shouldn’t be any; we’ve 
done this kind of stuff before.” 

FB-00454583 - Oct 2014 email in which KP, O’Neil and Cross discuss Ordered Friends 
API used by Netflix and Pinterest, which includes non-app friends in v2.x. KP says: 

“My recommendation to Eddie and team has been that we preserve access to this API 
for Netflix, including non-app friends as part of their TITAN API integration for 
consoles. I am 100% in favor of the idea of removing it for Pinterest for 2.0 but I 



would not recommend removing it for Netflix going forward.” O’Neil responds: 
“We’re vetting questions like this with Mike in ~2 weeks, so let me know.” 

FB-00577500 - Nov 2014 Email in which Akamai employee notes that Flipboard has 
access to read_stream and they should be given same access and FB rejects their 
access and Archibong tells Cross to tell Akamai that “Flipboard had access prior to the 
policy changes” even though Flipboard still has access to read_stream since 
Archibong writes: “For internal knowledge: we’re working with Flipboard to move them 
off read_stream by f8.15.” 

FB-00597229 - Nov 2014 email between KP O’Neil Cross Archibong and others 

approving Flipboard for read_stream access until 4/30/15. “read_stream: We will 
approve per this note” (31). O’Neil: “Agree with KP on the point about optics - not 
approving them to access these permissions now implies they won’t have access 
to them in the future, and they don’t have that news yet. Note, this is a very unique 
case, I don’t have lots of context into the relationship but IIRC the plan around F8 
was for Cox to be involved in making this call with them.” 

FB-00598434 - Dec 2014 email between KP Archibong regarding Dave Morin’s 
company Path. Morin claims Path is disadvantaged relative to Kakao and Line and that 
he is going to bring it up with Zuckerberg. Archibong and Morin were both “candid 
about the fact that we might not be able tyo find alignment to work together given the 
nature of our products.... Depending on how Mark feels about them, they could be an 
interesting target for the AN given their feed format and southeast Asian presence.” 
They are competitive; up to Mark how to treat them. Archibong and KP note that Path 
had been blacklisted/restricted from certain data. Archibong confirms that Kakao and 
Line “aren’t getting any special treatment, but are they blacklisted from anything? I 
think Path is blacklisted from a couple things.” KP confirms: “Path: Restricted for 
the following: photo, status. They are pulling get user/friends, get user/friendlists, 
though this wasn’t restricted as as of our most recent bet the app wasn’t actively 
using friendlist for growth within the app (which has historically been a 
requirement for restricting friends list). 

FB-00552033 - Email from FB employee December 2014 noting a privacy bug where 
someone shares a photo and someone else can see it even though they aren’t friends. 

FB-00434544 - 2014 draft email around new Login v4 to developers saying they 
should upgrade by December 25, 2014 to avoid issues. Why was this never sent to 
643? It says the new login contains “significant differences from the previous version” 
but still doesn’t say what those differences are. Which developers received this 
upgrade email? 



FB-00499945 - Jan 2015 email from O’Neil discussing Cox meeting and presentation 
regarding product vision. Just shows Cox runs product. 

FB-00454612 - Jan 2015 Task for “Apps Others Use” privacy permissions do not 
persist after turning platform off/on. “On the above page, you can click ‘Apps Others 
Use’ and have some granular control over information about you visible in friends’ apps 
(see attached screenshot). On the same page, under the heading “Apps, Websites and 
Plugins”...you can turn Platform On or Off entirely. Undesirable user experience: if you 
set custom privacy under “Apps Others Use” and then turn platform off and back on, 
your custom privacy settings for “Apps Others Use” are returned to the defaults.” They 
then discuss how there is no longer a platform engineering team to handle this 
task...’’There is no more Platform Ul Infrastructure team, the spoils have been 
divided...” O’Neil then writes: “Friend permissions are deprecated and being removed 
this year - given that, I don’t expect we will make changes to how this works. Closing.” 
They admit they have full privacy protections for users, they have a bug in their 
privacy tool, and decide NOT to address user privacy because eventually they will 
just shut everything down. 

FB-00043884-86 

Copy of a boilerplate, unsigned Private Extended API Addendum from January 2015, 
which is a contract that gives a whitelisted developer access to Private Extended APIs, 
which are “a set of APIs and services provided by FB to Developer that enables 
Developer to retrieve data or functionality relating to Facebook that is not generally 
available under Platform, which may include persistent authentication, photo upload, 
video upload, messaging and phonebook connectivity.” 

FB-00046063-66 

January 2015 email from Mr. Olivan kicking off a whitelist negotiation with Dropbox 
CEO Drew Houston in which Facebook offers Dropbox access to the Full Friends List. 

In an internal follow up discussion, a FB employee, Konstantinos Papamiltiadis notes 
that this may set a “bad precedent” because if they give Dropbox “access to the Full 
Friends list,” they “will probably need to accommodate [other developers] or risk 
alienating [them] when we decline”. 

FB-00047134 

January 2015 email from FB employee Eddie O’Neill encouraging FB employee 
Konstantinos Papamiltiadis to give Tinder a Private Extended API (whitelist) agreement 
to receive special access to the Full Friends List before the CEO of Tinder starts “an 
email thread with Mark [Zuckerberg]”. 


FB-00027001 



February 2015 email from FB employee Johanna Peace to public relations firm noting 
that FB wants its decision to restrict data access to be a “non-news item when April 30 
comes”. 

FB-00559617 - Feb 2015 Whitelist discussion with Walgreens checking for contracts in 
place to access Private API. 

FB-00045736 

February 2015 email from Netflix employee John Midgley confirming that Netflix is 
“whitelisted for getting all friends, not just connected friends,” and that Netflix is 
“currently whitelisted for certain graph API calls” in order to provide it with special 
access and significant competitive advantage unavailable to other companies. 

FB-00559392 - Feb 2015 FB employee notes photo privacy issue. 

FB-00491015 - Feb 2015 email from Cross with Platform NPS scores from developers, 
NPS rated from -100 to 100 and score is -19 “mostly due to the churn for many 
developers caused by the significant model changes in v2.0 and Login Review. This is 
totally to be expected. We’re turning a number of screws to improve Platform for 
people -our most important audience—which isn’t always net positive for developers. 
But we should be pleased that this number has remained stable over the last 3 
quarters, rather than continuing to decline.... But overall - this survey should give all of 
us great signal that the work we’re doing is improving the lives of developers 
worldwide.” 

FB-00492776 - NPS data from Feb 2015 showing satisfaction and dissatisfaction with 
frequency of changes to APIs (47% dissatisfied, 19% happy), completeness of APIs 
(only 24% dissatisfied), platform stability (37% dissatisfied), platform policies (33%). 
FB-00492779 has the survey used for developers. 

FB-00044221 -27 

March 2015 email exchange between FB employee Konstantinos Papamiltiadis and 
Sean Rad and Sam Yagan of Tinder, the popular dating app, in which Mr. 

Papamiltiadis notes that Facebook has “developed two new APIs that effectively allow 
Tinder to maintain parity of the product in the new API world,” meaning Tinder will not 
be affected by Facebook’s decision to restrict data access, and that Mr. Papamiltiadis 
is willing to enter into a Private Extended API agreement with Tinder to ensure this is 
the case on the condition that Tinder permit Facebook to share rights in Tinder’s 
trademark of “MOMENTS” for a new photo application Facebook was planning to and 
did in fact launch. Mr. Papamiltiadis notes that Facebook’s decision to give Tinder 
special access to data that has been cut off to other developers represents “value that 
we think is far greater than [Tinder’s] trademark”. Mr. Yagan attempts to extract even 
more out of Mr. Papamiltiadis: “We do massive business together. There’s a long list of 
ways to enhance that.” 



FB-00596468 - March 2015 email from Matt Hagger, CEO Doppels: “My product does 
not use the FB import friends graph as a way to mask users that don’t exist natively or 
as any form of invite feature. It is there ONLY as a very elegant and beautiful way to 
wish users Happy Birthday, which I will also now be able to integrate with messenger. 
My application is very exciting, we have raised funding and I believe it is going to grow 
very fast.” Tom Lorek FB employee brings to KP to see if they can make an exception. 

FB-00596473 - March 2015 Email between KP and Skype where Skype gets 
whitelisted. 

FB-00596486 - March 2015 Email where Eugene Zarakhovsky grants request by KP to 
give Nissan whitelist access to friends_photos and other privatized endpoints. Seems 
only temporary. 

FB-00596517 - March 2015 task “[Whitelisting] Remove all friends access from Tinder” 

FB-00596405 - April 2015 email from Yahoo regarding Vizio TV impact to KP: “Thank 
you for clarifying FB’s position. The Facebook branded app has been shipping on 
millions of Vizio TVs since 2009 and is one of the most popular apps on the platform. 
Removing the newsfeed functionality would be disservice to Facebook and Vizio 
customers who have come to rely on this device to connect with their Facebook 
network. Is Facebook planning on developing their own TV app in the near future or is 
Facebook not allowing 3 rd parties to develop Facebook branded app?... In the short¬ 
term, I believe the data from the “stream” table for our newsfeed feature is not expiring 
until next year, correct? If so, in order to maintain the data in the current app it looks 
like we need the “read_stream” Extended Permission in the short-term. Please let us 
know if we understand this correctly.” 

FB-00580073 - April 2015 same privacy issue “Apps on platform can automatically 
pull ‘Only Me’ info from profiles and displays it to both you and other people using 
that app. How I found out: I have a lot of ‘Only Me’ jobs that I use for testing, and I 
found out that apps that I had previously auth-ed were automatically updating profiles 
with that data, and I cannot control the display of it. While ‘whoa how did you start 
working at easterly Rock’ is a fun opener, isn’t this directly violating what we tell 
users is ‘Only Me’?” 

FB-00519754 - April 2015 Tsang/O’Neil task “Whitelisting Remove all friends access 
from Tinder.” 

FB-00594684 - April 29, 2015 email exchange between KP and Ashley Moore. KP: 

“can u please tag all the people in your team that have worked on simplification?” 
Moore: “simplification, meaning Login Review?” KP: “platform simplification”. Moore: 
“Yep, will tag the team in © Just haven’t heard it referred to as Platform Simplification 
in over a year.” KP: “LOL. I know © I am an old timer.” Shows Login Review and 
PS12n conflated deliberately, can refer to same thing. 



FB-00596096 - April 2015 KP email to Tobii where KP gets Alexander from Tobii to 
tweet to an affected customer that they are working with FB to try to resolve. KP cares 
more about the PR issue than actually solving the issue. 

FB-00025848 

April 2015 email from Outcast Agency (PR firm) employee Kacie Thomas to FB 
employee Johanna Peace stating that in “preparation of backlash from developers who 
are negatively impacted by the change, recommend having a few positive/happy 
developers...in our back pocket who can neutralize this for us in the media; also 
recommend having a reactive statement on hand should we need it.” 

FB-00025991 

April 2015 email from FB employee Johanna Peace to public relations firm asking that 
the firm starts “generating some neutral/positive coverage that hits on our messaging, 
giving us something to point back to after April 30 in case reporters notice apps 
breaking, etc.” 


TIME PERMITTING 

FB-00561849 - Oct 2011 email regarding a “Private API: Add profile photo upload/edit 
to graph API”. 

FB-00537160 - Oct 2011 email from Desai to Vernal O’Neil others sharing user 
feedback on privacy regarding sharing Netflix movies they watched automatically on 
Facebook. Notes that “These results were gathered when privacy controls on GDP 
were entirely undiscoverable.” FB doing a bad job on privacy and blaming developers. 

FB-00533818 - Nov 2011 chat string between Paul Mcdonald, O’Neil and Zuckerberg 
regarding cross-promotion via open graph. Zuckerberg writes: “Does this diff include 
things like linking the titles “Friends” to the Friends tab, “Places” to the maps tab, and 
“Groups” to some logical place?.... Some of the report and recent OG activity box titles 
are links to their respective app tabs and others aren’t. I don’t see why we wouldn’t 
make these all links. I also think we should make the icons link as well. In general, 
the more cross-linking and exploration behavior we can encourage, the better.” 
Zuckerberg encouraging more distribution via open graph, increasing user base, 
supporting developer growth, etc., in late 2011. 

FB-00556111 - Apr 2012 chat where Lessin says “I think each photo does need 
pop...” Shows involvement in photos and privacy. 


FB-00559511 - April 2012 task for “App privacy settings don’t affect uploaded photos 
/ videos”. Doesn’t seem like it was ever fixed. 



FB-00556813 - July 2012 email from Blake Barnes FB employee noting that “a few of 
my friends have been complaining about getting random notifications about one of 
their friends’ photo uploads.” 

FB-00559682 - Aug 2012 photo privacy issue 

FB-00563064 - Aug 2012 O’Neil gets Apple apps iMovie and iPhoto whitelisted for 
uploading photos and videos to FB graph. 

FB-00552036 - Email from FB employee August 2012 noting what seems to be the 
same privacy bug reported in FB-00552033 just more than two years earlier. Seems 
like they have the same bug and never fixed it for over two years with massive privacy 
violation. 

FB-00474028 - Feb 2013 Chat string regarding photos CRUD API where Chris Pan 
says regarding photos, “Re privacy, the very short summary is that we ideally want to 
match snap.” This is for apps where users can upload photos, so different use case 
here, but illustrates attention to Snap’s dominating the photo sharing and messaging 
space and FB getting concerned. 

FB-00473649 - Task from March 2013 regarding Foursquare wanting any friends’ 
content that has a place tagged on it. Chris Ackermann writes: “Philosophically, we 
may not want third-party apps being able to pull this since it could bootstrap their own 
competitive products, but wanted to get this group’s thoughts.” 


FB-00430057 - Mar 2013 Purdy, Osofsky, Archibong and others discussing pre¬ 
enforcement of canvas policy on Amazon Gift App that was approved 6mos prior. 
Purdy: “I want to give regular devs 90 days to react to these changes. Fine giving 
Amazon longer, but we’ll need to manage any outcry from other devs.” (59) Jeetendra 
Mirchandani (Jeetu@amazon.com) tells Jackie Chang at Facebook “This will break 3 of 
our live integrations” that were approved 6mos prior. (60) 

FB-00557156 - April 2013 email from Bao saying he logged into 36 top apps and “it 
was a terrible and eye-opening experience.... 25 had non-delightful experiences in at 
least one of their endpoints...i.e. anything that felt busted / unpleasing that a user 
might blame FB for.” 

FB-00558202 - May 21,2013 document summarizing mobile re-engagement using 
Neko to monetize developer apps. (tied to email FB-00558191). Final page shows 
example with Jackthreads. 

FB-00458654 - May 2013 discussion of “NEKO” and how to use it for re-engagement. 
Notes that NEKO started 9 months prior and that 50% of revenue is still pay per click. 



Discuss using a certain type of ad, Type 32 ad, to drive mobile advertising in newsfeed 
to deep link into partner apps. 

May 2013 email between Vernal O’Neil Hagman Federov discussing how to handle 
removal of full friends list for providing social context, agree on creating a social 
context API. Vernal is already focusing on user trust messaging. Vernal: “1/We 

explored this extensively a year ago but decided that it would crush traffic to 
developers. Since then, I think we’ve moved away from our singular focus on 
distribution and would be more willing to make this trade-off. 2/A number of 
people have asked to have per-item control of historical imports from action importers 
and have expressed concern about enabling future-syncing given the opportunity for 
embarrassment. In the spirit of focusing on the user and focusing on trust, I feel 
like we should be listening more strongly to this feedback. 3/ As we remove friend 
data from the API, I realized we’ll need to add some kind of social context API that lets 
you contextualize some object (e.g. “The Godfather - 30 of your friends watched 
this”).” 

FB-00494014 - June 2013 email for platform product launch from Kevin Prior 
describing June releases for Neko v4 and “TEST: Buy on Facebook Partners (Karma 
self-gift).” What was Neko v4? 

FB-00560652 - August 2013 Koumouzelis sends Platform 3.0 presentation and says 
“Timeline slide is intentionally absent given the latest re: Zuck review.” Did Hendrix 
attend this Zuck review? 

FB-00560701 - August 2013 Koumouzelis email to Sukhar O’Neil Lee Hagman with a 
few changes to Platform 3.0 Proposal: “Making the full friend list returned by 
friends.get a permission (with a strict usage policy), rather than deprecating the 
functionality completely.” Preparing a write up for Vernal to review. Sukhar says it looks 
good to him. 

FB-00513936 - Sept 2013 chat between O’Neil and Greg Marra where O’Neil tells him 
that after they deprecate read_stream permission it “will still be available to apps 
whose use is governed by contract - e.g. HTC, Microsoft, Blackberry, etc.” 

FB-00587355 - Sept 2013 “Platform Simplification” presentation prepared by O’Neil, 
Purdy, Sukhar stating that the goal is to “Protect the Graph” - “Deprecate all friendj* 
permissions, deprecate read_stream, approval app use of all permissions, [note: 
partners w/ contracts are protected].” Includes a launch timeline that has all PS12n 
deprecations complete by July 2014. 

FB-00433691 - Sept 2013 O’Neil “Core Platform” PS12N Status Update Presentation - 
references “Little-‘tin” and “Dark launch SLA” - what are these? Also, access detailed 
API spec at: http://home.fburl.com/~ekoneil/ps12n/ 



FB-00499976 - Sept 9, 2013 PS12n meeting discussion. Federov says he is meeting 
with Vernal. O’Neil asks to join. Federov tells him “it will be most productive as the 
smallest set” and keeps O’Neil out of meeting. 


FB-00490163 - Core Platform presentation Oct 1 2013, goal of increasing FB/Parse 
adoption in mobile ecosystem. Why increase Parse adoption if going to shut down? 
“PS12n Graph protection - discussed 3 approaches with Growth - apps only access 
app friends, apps access all friends w 3 rd party IDs, apps access all friends w/ real IDs 
and channel protection. Growth’s major concern: don’t leak communication 
channels....Growth approved this proposal: App gets all friends....” Who runs Growth? 
Who is in mtg where this was presented? What does it mean “don’t leak 
communication channels”. Try to clarify growth’s seeming approval of apps getting all 
friends. Talks about exceptions for games and says will have a friends list replacement 
for games because removing friend_* yields lower quality MFSs.” What is an MFS? 
Says “cross app promotion: non-goal to support apps doing their own cross 
promotion. Use paid FB channels instead.” Does this say they are making it harder for 
apps to do organic promotion and instead will need to pay FB? 

FB-00534994 - Oct 2013 email O’Neil to Sukhar. O’Neil: ‘Pitching PS12n to 
engineering team-by-team.... Hendrix is being tested with partners and is on track to 
launch; it may grow in scope to include some doc rewrites.” What is Hendrix? 

FB-00558443 - Oct 2013 email from Dev Chakravarti to O’Neil summarizing some 
areas O’Neil was interested in investigating further: “Help defend why we need to 
‘protect the graph’. Plot API calls per DAU Per App and generate list of potential 
scrapers. Try to uncover other unusual app behaviors that may indicate scraping 
(overuse of unusual parts of the API?).” 

FB-00579914 - Oct 2013 email between Silver and others describing a meeting with 
O’Neil and Cross. Silver: “Had a good meeting with Eddie O’Neil...where we discussed 
what’s changing for the developers and what’s changing for us internally. There are 
public facing apis for the platform and private apis that select partners will either be 
whitelisted or sign contracts to access these apis (ie: public feed api, friends.get*, etc), 
we need to map out the lifecycle for the developers and what those internal 
touchpoints/support would be.” Leow then summarizes: “Simon: Prepare whitelist of 
Partners for Private APIs”. 

FB-00422062 

October 2013 chat string in which FB employee Eddie O’Neill asks other FB employees 
to list non-game apps that use the full friends list and employees quickly rattle off a 
number of apps, including: Kickstarter, Bandsintown, Strava, Waze, Instagram, Vamos, 
Foursquare, Songkick, Shazam, Deezer, Spotify, Mixcloud, EyeEm, Wrapp, Tinder, 
HotorNot, Tripadvisor, Nike, Sosh. It is public information that these apps used this 
data as you can tell just from using the app. 



FB-00461149 - November 2013 Highlights from Sukhar: “We’re going to launch PS12N 
API & permission changes as part of Login v4 in terms of messaging (User Trust). The 
new stuff (versioning, SLA, new APIs) will launch at the same time but will be 
messaged as a new focus on developers and mobile.... Hendrix launch is down to 6 
blockers, almost all just pending a diff review.” 


FB-00461191 - December 2013, O’Neil preparing the partnerships meeting slides for 
PS12N and Vijay S provides an edit in which he “avoids referring to this as PS12n”. 
What was the new name they used to refer to it? 

FB-00434554 - Dec 2013 O’Neil Cross - “PS12N Whitelist Pre-Approvals Master Table 
of all apps impacted by PS12n deprecations” 


FB-00279843 

December 2013 email from John Zimmer, the founder of Lyft, to FB employees 
accusing FB of deliberately permitting Uber to violate FB’s policies to give Uber a 
competitive advantage against Lyft. Uber was using data from Facebook in a way that 
clearly violated Facebook Platform policy to directly target Lyft drivers to try to get 
them to switch to driving for Uber. [“This is upsetting and different than what was said 
before when we were told you had found the issue. We continue to see instances of 
this. This seems to be a major Facebook privacy and platform flaw that press would be 
interested to know about. I really don’t want to be difficult, but this lack of enforcement 
is hurting our business and we will have to take our own next steps. Please let me 
know the names of the department heads that are involved in this.”] No contractual, 
financial or technical information is communicated in the exchange. 

FB-00499962 - Dec 2013 chat with Sukhar and O’Neil. Sukhar mentions a PS12n 
meeting that isn’t on O’Neil’s calendar on December 17, 2013 - who attended this 
meeting? O’Neil mentions a pitch from Purdy around transitioning Platform’s focus into 
“an API program targeted at games but have no idea if the rev share idea will work.” 
Sukhar responds: “I still want to get a better read as to why the horizontal platform 
isn’t interesting anymore but for the time being it’s a reasonable justification for 
platform ©” 

FB-00510486 - Dec 2013 email from Scott Carpenter: “My wife (Brazilian) is telling me 
that many of her female friends and family are deactivating their FB accounts due to an 
app called “Tubby App”. It’s apparently like LuLu but where men rate women sexually 
(and it is pretty vulgar). I suppose that similar to LuLu they are not technically violating 
policy since users are authorizing friends_* permissions. Still, how is this really 
different than other apps we have blocked for competitively copying our friend 
graph?” 



FB-00454693-700 - Jan 2014 PS12N impacts on games. (700) Amir Naor explicitly 
notes that games will be exempt from non-app friend list deprecation and that a 
separate API will be provided to them for ranking purposes to fill the hole from 
friends_* permissions deprecation. (699) Ling Bao writes that O’Neil will be the PM for 
Login v4 in the first half of 2014: “Login PM will be Eddie in HI which lines up nicely as 
he owns the rest of ps12n which simul-launches w/ v4. George Lee clarifies how the 
non-app friends APIs will work: “We are taking this away for unapproved devs and 
games will be whitelisted, but we still are splitting the API into two distinct APIs: api 
friends and non-app friends (aka Invites API). So, whitelisting is really for the Invites 
API. The task for the new API is #3388371: provide an invite graph API of friends for 
developers and it seems there are additional needs like specifying device filters for the 
API...I was assuming that Eddie’s team would do the work around removing in-app 
friends frm the existing friends.get API...@eddie - let me know if that is incorrect...” 
O’Neil responds: “on non-app friend deprecation: API team is building this. Vish and 
Harsh are driving. How it surfaces in the API is TBD. Open to suggestions.” O’Neil in a 
follow up note sends the task for deprecating friends_* permissions 
https://our.intern.facebook.com/intern/tasks/?t=3003710 


FB-00481692 - Jan 2014 Cross sets up a task for “PS12N Affected Apps Outreach: 
Determine prioritization of apps that will have features deprecated / privatized 
with PS12N outreach.” FB-00481693 - “There will be a lot of developers affected by 
deprecations and privatization of APIs with PS12N. This task specifically focuses on 
the APIs that are moving from public to private/deprecated. We need a way to filter, 
prioritize and identify these apps for the following purposes: Pre-Launch: reach out to 
sensitive apps (see 3338917). Post-launch: 1/ reach out to important apps to explain 
the changes and give our Platform a more human element. 2/ filtering & routing 
submissions from impacted devs who appeal and have valid use cases (see 3147891).” 
Check for these two additional tasks 3338917 and 3147891. 


FB-00528201 - Jan 2014 O’Neil task for “PS12n Whitelist Process Agree Legal 
requirements for whitelist access” 

FB-00576663 - Jan 2014 O’Neil task “PS12N Affected Apps Outreach Determine 
prioritization of apps that will have features deprecated / privatized with PS12N for 
outreach”. 

FB-00576789 - Jan 2014 O’Neil task “Support in Hendrix for per-version guides and 
docs.” 

FB-00545863 - Jan 2014 email from O’Neil to himself writing reminder notes on tasks. 
One of them is “follow up with mark on read stream”. 





FB-00548667 - Jan 2014 chat with Purdy noting meetings scheduled with Mike and 
Javi on 1/21 and Mark on 1/24 (messenger platform, sukhar owner), Mike on 1/24 and 
Mark on 1/27 PS12n O’Neil owner), Mike on Feb 3 and Mark on Feb 4 (games Lee 
owner). Did Hendrix attend these mtgs? 

FB-00456587 - Feb 2014 task with Cross, O’Neil, TR, Singh and others for “Gate 
access to non-app-friends by a capability”. This is the task that permits certain apps 
to continue to access the full friends list. Cross writes in the task description: 
“Apps which have enabled the platform simplification migration won’t get access to 
non-app friends. That means calls to /me/friends will only return the subset of the 
user’s friends who have also TOS’d the app. Some apps have a valid use case to 
access non-app friends. Examples: -Venmo allow you to send a payment to a non- 
app friend - Bing needs this to display public data from your friends which they 
acquired via the firehose. As such, we will need a new capability: 
“can_read_non_app_friends”. When apps with this capability request /me/friends 
AND where the user has granted the user_friends permissions, the API will return 
the full set of the users friends, including friends who have not TOS’d this app.” 


FB-00499947 - April 2014 chat with Cross and Blizzard where Blizzard checks the 1- 
year deadline with Cross. He was “just making sure we don’t scare the ever living shit 
out of developers.” 

FB-00482084 - April 2014 Kinsey and Helmer discuss privacy permissions in the 
“Platform Trust” group. What is Platform Trust group and when was it formed? Kinsey 
writes: “I don’t see much point in testing this since the data will be void come f8.” Why 
is Helmer testing to see if the ordering of permissions affects whether they are 
selected? Seems like they are collecting data on privacy after the fact. 

FB-00482093 - April 2014 O’Neil task “PS12n Privatizations - ensure 
/v2.0/FRIENDLIST_ID/members includes non-app-friends for apps with 
manage_friendlists perm”. This is the task to give certain apps special access to the 
data that 643’s app needed to function. 

FB-00454360 - May 2014 Hulu whitelist discussion regarding login on their TV app. 
O’Neil, Cross, Archibong, Hurren. Shows URL 

https://our.intern.facebook.com/intern/platform/talent/group_details.php?group_id=Hul 

u_auth_loqin ” - shows they managed whitelist agreements through the Talent platform. 


FB-00556827 - June 2014 email noting academic apps like CollegeConnect that “no 
longer function because they can’t access a user’s friend through the API. In the case 




of CollegeConnect, this is a multi-year project that has been funded by the Gates 
Foundation, and “visualized social networks to help lower income students find better 
and more successful routes to university”. My friend Bernie Hogan, who has been 
developing it at the Oxford Internet Institute is wondering what his options are now. Are 
there any exceptions being made for such projects?” Leow responds: “If they want to 
extend past that period [April 2015], we have a feature request contact form that gets 
evaluated by a XFN team to catch ‘awesome use cases’ we may have missed. Simon 
and Eddie are good people to run ideas by.” 

FB-00472907 - August 2014 task with O’Neil for “Users who disable platform should 
not appear in /me/friends or any MFS.” O’Neil notes, “People who care about this 
really care about this - we should fix this as soon as possible. The model is that if you 
disable Platform, your FB profile does not exist in the context of 3 rd party, non-FB 
mode apps.” Demonstrates FB had a privacy flaw outside the control of 
developers and did not fix. This bug was reported before they rolled out the changes 
and task reaper said “This task has not been updated in over 3 months” and they never 
fix it before announcing the changes. 

FB-00556251 - Aug 2014 FB employee Larry Schrof complains that one of his friends 
uploaded an album and he got seventeen different notices for each photo. Horrible, 
intrusive experience that FB built. Shows didn’t address privacy properly. 

FB-00472731 — Sept 2014 task with O’Neil for “PS12n Whitelist Pre-Approval Review 
Financial/Banking/Payments apps affected by PS12n for potential whitelisting”. 

FB-00454582 - Oct 2014 Cross O’Neil KP Task for Ordered Friends List. Proof that 
they had a whitelist for returning non-app friends in Graph API 2.0. Proof of arbitrary 
decision-making giving Netflix access to non-app friends but not Pinterest. “We have 
a whitelist only API called orderedfriends. In API v2.x it returns non app friends. 
The expected behavior is that it should return only app friends. As an alternate 
solution, we should just not support this endpoint anymore after vl. The only partners 
using it are Pinterest and Netflix, as listed here: [url for Talent tool].” KP: “My 
recommendation to Eddie and team has been that we preserve access to this API 
for Netflix, including non-app friends as part of their Titan API integration.... I am 
100% in favor of the idea of removing it for Pinterest for 2.0 but I would not 
recommend removing it for Netflix going forward.” Cross: “So I’m game to keep 
this for Netflix, but think we should remove for Pinterest as they won’t continue to 
get full friends, and it’d be better to avoid the eng work to scope this to app-friends 
only.” 

FB-00599536 - Oct 2014 email in which KP offers Badoo common friends private api 

FB-00600167 - Oct 2014 email in which KP Archibong and Tretti discuss Pinterest 
abuse of Ordered Friends whitelist API, making way too many calls, concerned about 
leaking graph. Realize it’s not as bad as it seemed. KP notes that “The possibility of 



using invites requests has unblocked their migration plan. They were reluctant to do so 
earlier, as long access to non-app friends that they use for their growth would not have 
been ideal for them.” Indicates Pinterest still had access to non-app friends. 

FB-00045908-09 

October 2014 email from FB employee Nikhil Bobde asking five other FB employees: 
“Are there any legal implications if we whitelist some apps and not the others? Just 
checking.” After receiving no response for over two days, Mr. Bobde pings the 
employees, and one of them, Dhiren Patel, responds: “There shouldn’t be any; we’ve 
done this kind of stuff before.” 

FB-00454583 - Oct 2014 email in which KP, O’Neil and Cross discuss Ordered Friends 
API used by Netflix and Pinterest, which includes non-app friends in v2.x. KP says: 

“My recommendation to Eddie and team has been that we preserve access to this API 
for Netflix, including non-app friends as part of their TITAN API integration for 
consoles. I am 100% in favor of the idea of removing it for Pinterest for 2.0 but I 
would not recommend removing it for Netflix going forward.” O’Neil responds: 
“We’re vetting questions like this with Mike in ~2 weeks, so let me know.” 


FB-00548864 - Feb 2014 email from Creitz to O’Neil seeking approval to share PS12n 
with Microsoft before announcement so they can work on a workaround together. Also 
with Sony. Creitz: “we need permission to share certain aspects of platform 
simplification with them, before f8 (and as close to now as possible). This will allow 
them to architect their system for smooth implementation of the switchover. I believe 
that you might be the person who can authorize that. Because they have been working 
with us all along, that authorization will also need to extend to Sony’s Playstation team, 
as it would be very poor form to favor MS over them given our history of ongoing 
successful cooperation, compared to the stalled and recently restarted MS 
relationship.” 

FB-00587485 - Feb 2014 email between Archibong Cross O’Neil Chang discussing 
PS12n presentation for an Archibong mtg with Rose. Archibong: I’ve made some 
format and language suggestions/tweaks...The area where I’ve added a couple words 
in, is in the “Exemptions” section. This will be the area that Dan will want to discuss the 
most. Remember that he’s of the mindset that we shouldn’t have a whitelist for 
anything, so we’ll have to explain to him why these three buckets are necessary.” 
Chang: “Actually, here’s an updated version. I’ll explain on the call, but in essence 
we’re not going to grant any exceptions, only extensions based on contract and 
partner sensitivity. Where I’ve labeled ‘exemptions’ are actually private apis today that 
allow for friend data to be read... I believe we should keep maintaining these apis as 
private strategic ones - however, it’s worthwhile acknowledging this as there’s been 
some confusion by partnership teams on how we plan to maintain these going 
forward.” 



FB-00454708 - Feb 2014 Discussion of engineering items remaining for Graph API 2.0 
rollout, explicit recognition of whitelisting and making it easier to whitelist. Assumption 
that the announcement is going to mention these deprecations and there’s going to be 
blowback from developers. Lee “We also have plans to reveal all of these at 
f8....There will probably be some discussion after f8 on whether the reaction from 
developers warrants some fallback or other kind of response, but I don’t think we 
can spend any more time speculating. We just need to get this stuff out there and 
figure out what the implied impact will be once we get developer feedback.” TR: “Want 
to make sure we’re all on the same page wrt what ‘login v4’ means, since it has also 
been overloaded as an uber term for all ps12n work’. Jeff Spehar: “This to me sounds 
like something that will become a ‘permanent’ migration because granting some 
friends_* info feels exactly like the type of thing that we’ll want to give a small set 
of whitelisted partners so I’m wondering if we’ve thought about enforcing this 
entirely via perms review.” Spehar makes clear that the plan is to give unequal 
access and by using permissions review as the mechanism, it makes it easier to 
determine which developers they want to give access to versus which they want to 
disadvantage. 


FB-00456733 - Feb 2014 task “Update examples in FBRell JS Console to not expect 
canonical IDs” by Cross noting that “PS12n changes how we want developers to think 
about Platform” and so they need to make changes to FBRell. What is FBRell? 

FB-00433999 - Feb 2014 O’Neil Task “Let apps request access to non-app friends via 
a helpcenter form”. What does this mean? 

FB-00434121 - Feb 2014 Task “Return only tosed friends to an app”. On the task are 
TR Vishwanath, Cross, O’Neil and Singh 

FB-00434129 - Feb 2014 Task “Remove Implicit Platform Stories” - “Goal: Move the 
developer ecosystem to an explicit story model without seriously damaging our key 
partner relationships or games business ASAP” 

FB-00476022 - Feb 2014 chat string between O’Neil and Sukhar. O’Neil: “What makes 
you uncomfortable with this plan?” Sukhar: “Just the optics of launching deprecation 
at an event.... Jonny had a good outlook in that launching things after f8 will be even 
harder to get right because folks will be exhausted. So, let’s just roll with it.” O’Neil: 
“OK - I think this will be a good message. The model changes will indeed be hard on 
developers, but it will be really hard to argue against the people-centric message of the 
changes. Overall, it’s good for FB with some collateral damage to the developer 
ecosystem.” 


FB-00454416 - Feb 2014 Final Task for Removing Implicit Newsfeed Stories - lots of 
discussion among O’Neil, Purdy, Chang and others regarding user trust aspect of 



implicit sharing since users may not know they’re posting the story to FB graph. 
Discussion of impact on Pinterest, whose traffic will tank as a result of this. Also 
discussion of Netflix and Spotify. Chang suggests using this change as leverage to get 
Netflix to agree to entity card discussions. Chang then notes: “agreed with Peter Yang 
on all or nothing as the messaging sounds pretty terrible - because we’re basically 
saying implicit stories are terrible except for music and games. I think this is even 
more so why we shouldn’t spell out how we’re changing newsfeed algo in the 
reactive partner msg as it will make it very clear that we’re being inconsistent in 
our standard and arbitrarily controlling nf distro for partners.” Purdy: “I don’t think 
we are communicating clearly. I am likely going to call a meeting of the key 
stakeholders this week as there is too much discussion on this task. 1. We shouldn’t 
be saying anything about how we are removing these stories (special casing 
games/music for a little while), just that we are removing these from feed over the next 
few months. 2. Once this change is complete, we are not going to ever show implicit 
stories in feed/ticket, we are going to use the implicit ^actions to create special 
game and music recommendation stories. If the vertical is important enough, like 
movies maybe, we can do the same thing”. 


FB-00497521 - Feb 2014 email from Ellen Silver to O’Neil asking when the Zuckerberg 
review of ps12n meeting will be held regarding a decision to remove 1,533 whitelisted 
apps for housecleaning since they are dev/test apps but mistakenly set in production 
mode. Task notes that there are 5,300 capability-enabled (whitelisted) apps. Silver’s 
comment shows that this should be Zuckerberg’s decision because it is related to 
PS12n: “Hey Eddie - what day is the Zuck review for PS12n?...l’m curious if there are 
other drivers in getting this sandbox email out on 2/11 as opposed to waiting for after 
the Zuck review? Is there any downside to waiting a few days? While I understand it’s 
somewhat independent from PS12n/Loginv4 and good housekeeping practice, I just 
think our developers are smart, some will speculate and may inadvertently take away 
from the “moment” we’re looking to create with PS12n/Loginv4.” Did Hendrix 
participate in this Zuck review? 

FB-00499978 - Feb 2014 chat with O’Neil and Cross discussing a developer 
presentation. Cross was not happy with the FB employee who spoke before O’Neil 
because he didn’t do a “great job of (a) explaining our plan and rationale and (b) 
owning/shaping the discussion. I get itchy when I know we could be clearer in framing 
and explaining. Shame we didn’t get to sell removing friends_* and login review more 
strongly.” O’Neil: “Yeah, we decided not to talk about Login Review at all and to talk 
about friends_* as a consideration rather than a plan. Didn’t want to commit 100% 
since we have 2 months until launch ©” 


FB-00500041 - Feb 2014 email with O’Neil and Sukhar. O’Neil: “Any update on the f8 
/v4 plan with Mark?” Sukhar: “not yet talking to him tmrw lish”. Did Hendrix 
participate? 



FB-00510070 - Feb 2014 task O’Neil and Ashley Moore “PS12n Let apps request 
access to non-app friends via a helpcenter form.” “With PS12n, Apps won’t get 
access to non-app friends when calling /me/friends. However Games on Canvas with 
Credits will automatically get this. The other main use case for non-app-friends (NAF) is 
tagging, but we’re building a tagging API to satisfy this case. Given that,, there are 
VERY few cases where we want an app to have non-app friends. This ability will 
be gated by the capability. However, we still want apps to be able to request 
access to NAF, but not make this a core part of the developer experience.” 


FB-00510183 - Feb 2014 O’Neil task “Return only tosed friends to an app” 

FB-00517405 - Feb 2014 email between Sukhar, O’Neil, Gupta, Poll, Lacker, 
Koumouzelis trying to resolve how not to leak friend graph with new Invites API. Gupta 
gives options for how to handle with option 2 saying “This is also in keeping with the 
ps12n goals of not leaking the unTOSed friends graph.” 

FB-00558390 - March 2014 task Cross O’Neil “PS12n Privatizations ensure 
v2.0/FRIENDLIST_ID/members includes non-app friends for apps with 
managejfriendlists perm 


FB-00482145 - March 2014 O’Neil task “deprecate - privatize friends_* 
permissions” 

FB-00510419 - March 2014 Singh/O’Neil/Cross task “PS12n only return app-friends 
via v2.0 by default, unless the app has various capabilities which bypass that 
restriction.” Cross: “Some apps have a valid use case to access non-app friends. 
Examples: Venmo allow you to send a payment to a non-app friend - Bing needs 
this to display public data from your friends which they acquired via the firehose. 
As such, we will need a new capability: “can_read_non_app_friends”. When apps with 
this capability request /me/friends AND where the user has granted the userjfriends 
permissions, the API will return the full set of the users friends, including friends who 
have not TOS’d this app.” 

FB-00510421 - March 2014 Cross task “Fully deprecate (not privatize) Checkins and 
Locations APIs and Permissions”. Shows that they recognized a distinction between 
deprecate and privatize. They privatized accessing non-app friends but said publicly 
they were deprecating it. 


FB-00514157 - March 2014 chat string between Chang and O’Neil. Chang: “Working 
with the events team and we made the decision to deprecate the events Apis. 



We’d like to incorporate that into ps12n- (1) is that possible? (2) what’s the best way 
to go about this? As context, they’d like to extend the longer window of wind-down 

and strategically, it makes it look a lot less targeted if we can roll it into a broader 
deprecation.” O’Neil: “Hm - we should discuss. Don’t think we can deprecate the 
events API because: 1/ games built an events product on top of it 2/ pages use it to 
publish events. So we can wind down the non-game usage of events on the User 
object.” Chang: “we’re trying to build out an affiliate program where they ingest 
the events directly and collect money....i think we’d want to maintain that usage 
privately. Mostly, I think the goal would be to privatize this api since the team 
hasn’t been prioritizing any bugs and there aren’t that many devs using it where it 
makes sense to publically support it and the devs who are using it, we’re trying to 
build direct partnerships with.” 

FB-00517986 - March 2014 O’Neil task “Login session deck” where they discuss 
framing the new Facebook Login/ps12n. Jeff Spehar asks them to collect stats about 
increases in click through rates and install growth “to help the message that focusing 
on user trust has downstream positive effects for devs (even though we all know it’s 
painful)” (90). Seems like this is when they started reverse engineering the data for the 
user trust case. 


FB-00472653 - March 2014 task for “ultra heavyweight permission review criteria” with 
O’Neil Hendrix, Koumouzelis and Cross. Koumouzelis confirms that “manage_groups 
is indeed whitelist” and that he’s “working with Simon and Allison to nail this down.” 

FB-00457159 - PS12n All-up testing - Pass 2 March 2014, Cross asking developers to 
attend a meeting and cerate test apps in advance and add them to the 
“hendrix_test_apps” list. References internal URLs and “GKs”. 

FB-00457331 - “Migrate GKs to Capabilities” task from March 2014. What does it 
mean to “use capabilities instead of GKs to define blacklists and whitelists”? 

FB-00430879 - Mar 2014 TR Vishwanath and Cross discuss the Graph API 2.0 rollout 
principles - demonstrates that Login v4 and PS12N are intimately related because 
Login v4 becomes the gateway to enforce transition to PS12N. Shows they already 
knew apps using Graph API 1.0 would be retired so Zuckerberg’s announcement was 
a lie. Shows that they anticipated and planned for whitelisted apps to get exceptions. 

FB-00569387 - March 2014 task “PS12n Privatize other permissions (read_requests, 
manage_notifications, manage_friendlists etc)” 


FB-00590289 - April 7, 2014 presentation to select developers on F8 and login (Zynga, 
Rdio, etc.). Explicitly states deprecations, unlike April 30 announcement. 



FB-00570361 - April 2014 O’Neil task “Fully deprecate (not privatize) export_stream in 
v2.0+ of the API.” 


FB-00559931 - April 2014 task O’Neil Singh “psl 2n Privatize /me/subscriptions and 
/me/subscribed to in v2.0+ of the API 

FB-00558489 - April 2014 email with Cross Koumouzelis Sukhar O’Neil Federov and 
others regarding negotiating with Apple the new FB Login Review. 

FB-00558679 - April 2014 O’Neil task “Privatize user_notes in v2.0+ of the API” 

FB-00558756 - April 2014 FB employee notes photo privacy issue. 

FB-00473032 - April 2014 Cross and O’Neil discuss potential Salesforce whitelisting, 
no firm decision. 

FB-00473102 - April 2014, Peter Yang asks O’Neil and Cross in an email about 
read_stream, saying “I know this is being privatized, but are we still planning to 
deprecate it at some point?” 

FB-00472826 - April 2014 task with O’Neil, Cross and others for “Social Context API” 
in which O’Neil notes “If an app has been approved for access to all friends, 

presence in this list != TOS’ed.” 

FB-00560271 - April 2014 O’Neil task “deprecate Privatize parts of the Events API in 
v2.0”. 


FB-00552033 - Email from FB employee December 2014 noting a privacy bug where 
someone shares a photo and someone else can see it even though they aren’t friends. 

FB-00434544 - 2014 draft email around new Login v4 to developers saying they 
should upgrade by December 25, 2014 to avoid issues. Why was this never sent to 
643? It says the new login contains “significant differences from the previous version” 
but still doesn’t say what those differences are. Which developers received this 
upgrade email? 

FB-00499945 - Jan 2015 email from O’Neil discussing Cox meeting and presentation 
regarding product vision. Just shows Cox runs product. 

FB-00559392 - Feb 2015 FB employee notes photo privacy issue. 

FB-00491015 - Feb 2015 email from Cross with Platform NPS scores from developers, 
NPS rated from -100 to 100 and score is -19 “mostly due to the churn for many 



developers caused by the significant model changes in v2.0 and Login Review. This is 
totally to be expected. We’re turning a number of screws to improve Platform for 
people -our most important audience—which isn’t always net positive for developers. 
But we should be pleased that this number has remained stable over the last 3 
quarters, rather than continuing to decline.... But overall - this survey should give all of 
us great signal that the work we’re doing is improving the lives of developers 
worldwide.” 

FB-00492776 - NPS data from Feb 2015 showing satisfaction and dissatisfaction with 
frequency of changes to APIs (47% dissatisfied, 19% happy), completeness of APIs 
(only 24% dissatisfied), platform stability (37% dissatisfied), platform policies (33%). 
FB-00492779 has the survey used for developers. 


FB-00596468 - March 2015 email from Matt Hagger, CEO Doppels: “My product does 
not use the FB import friends graph as a way to mask users that don’t exist natively or 
as any form of invite feature. It is there ONLY as a very elegant and beautiful way to 
wish users Happy Birthday, which I will also now be able to integrate with messenger. 
My application is very exciting, we have raised funding and I believe it is going to grow 
very fast.” Tom Lorek FB employee brings to KP to see if they can make an exception. 

FB-00596473 - March 2015 Email between KP and Skype where Skype gets 
whitelisted. 

FB-00596486 - March 2015 Email where Eugene Zarakhovsky grants request by KP to 
give Nissan whitelist access to friends_photos and other privatized endpoints. Seems 
only temporary. 

FB-00596517 - March 2015 task “[Whitelisting] Remove all friends access from Tinder” 

FB-00596405 - April 2015 email from Yahoo regarding Vizio TV impact to KP: “Thank 
you for clarifying FB’s position. The Facebook branded app has been shipping on 
millions of Vizio TVs since 2009 and is one of the most popular apps on the platform. 
Removing the newsfeed functionality would be disservice to Facebook and Vizio 
customers who have come to rely on this device to connect with their Facebook 
network. Is Facebook planning on developing their own TV app in the near future or is 
Facebook not allowing 3 rd parties to develop Facebook branded app?... In the short¬ 
term, I believe the data from the “stream” table for our newsfeed feature is not expiring 
until next year, correct? If so, in order to maintain the data in the current app it looks 
like we need the “read_stream” Extended Permission in the short-term. Please let us 
know if we understand this correctly.” 


FB-00519754 - April 2015 Tsang/O’Neil task “Whitelisting Remove all friends access 
from Tinder.” 



FB-00594684 - April 29, 2015 email exchange between KP and Ashley Moore. KP: 

“can u please tag all the people in your team that have worked on simplification?” 
Moore: “simplification, meaning Login Review?” KP: “platform simplification”. Moore: 
“Yep, will tag the team in © Just haven’t heard it referred to as Platform Simplification 
in over a year.” KP: “LOL. I know © I am an old timer.” Shows Login Review and 
PS12n conflated deliberately, can refer to same thing. 

FB-00596096 - April 2015 KP email to Tobii where KP gets Alexander from Tobii to 
tweet to an affected customer that they are working with FB to try to resolve. KP cares 
more about the PR issue than actually solving the issue. 

FB-00025848 

April 2015 email from Outcast Agency (PR firm) employee Kacie Thomas to FB 
employee Johanna Peace stating that in “preparation of backlash from developers who 
are negatively impacted by the change, recommend having a few positive/happy 
developers...in our back pocket who can neutralize this for us in the media; also 
recommend having a reactive statement on hand should we need it.” 


HC 


• Matt Trainer asked about different reciprocity business models and set up a meeting with 
Charles and Vlad 

o 12/4/12- FB-00945563 

• Douglas Purdy goes over his narrative for platfonn roll out, then Vernal says he has a 
different narrative in his head and they need to be merged or pick one and Douglas says 
there are too many narratives and he needs to meet with PR. Amazon looking for too 
much data, not in Facebook’s business interest. Goes through same analysis for Google 
Maps, Microsoft Bing, Office, Windows Phone, Google, Wifi, Gifs. Companies aren’t 
happy with current arrangement. Vernal says going to be tough for everyone because they 
were giving things for free and now we’re requiring payment as “reciprocity”. Long term 
partnerships will be rough. 

o 7/7/13- FB-01150159 

• Some quotes from a survey on employees regarding Vlad’s leadership, they are 
discontent with how little say they have in the decisions being made, “feeling 
disconnected from decisionmaking” “being told what to do”. “p3.0 we know it’s a big 
deal, no one’s talking to us about it, we want to be able to make plans but we can’t 
because no one is telling us what’s going on and no information being released on what 
exactly it’s going to be and when it’s going to happen”, “not a lot of leadership and a lack 
of ideas and no clarity on who is in charge”, worse than “dysfunctional” 






o 2/21/13 -FB-01152630 

Vernal went over a slide deck talking about friends_permissions and expressed how 
poorly the analysis is, he is looking to create buckets of who should get it and who 
shouldn’t. Vernal’s looking for which companies are actually pulling the data. Impact 
deck to explain impact of removing friends from API. Justin Osofsky prepared the 
analysis, Purdy Vlad and Jolley on it. This is the first competitive audit. 
o 11/19/12-FB-01155754 

They discussed how they will not do an announced rollout of P3 and will instead add it in 
softly and when it does come out have a ready excuse as to why. Purdy and Vernal. Not 
going to announce that they will require reciprocity and want to have a positive story in 
place. Positive story is that reciprocity will increase usage and downloads of apps. No 
mention of user trust, user privacy, user control. Trying to fabricate a positive story but 
don’t have user trust angle yet. 
o 5/15/13-FB-01199233 

Large discussion on platform and community- to sum it up they have heard there are 
problems but they are denying it and saying it will not cause any problems. Leaning 
towards making developers pay directly for data access. Tension between charging 
developers and having it be free. People wouldn’t take having to actually pay for it very 
well. Discussion of enforcing policies against competitors (mention WeChat). Vernal, 
Zuck, Lessin, Purdy, Olivan, Schultz, Baker, Cox, Schroepfer, Rose, Daniels, Sandberg, 
Ebersman, Vlad, Ondrejka, Babros. Zuckerberg 
o 11/19/12- lB -01155760 

Overview of what P3 will be and the risks it will give to games, calls friends.get a 
breaking change and admits it will be a problem for games 
o No time stamp- FB-01197388 

Talking about reciprocity with Refresh.io, saying that they do not give enough back to get 
a reciprocity agreement so they should possibly acquire them. Lessin says they should 
consider acquiring them, Monica Bickert. Taking a large amount of data and comparable 
to Linkedln graph and not giving enough back. Archibong, Two options: blacklist or 
acquire. Purdy also on email 
o 3/27/13-FB-01199485 

They talk about switching to P3 and making sure all competitors and any payment apps 
are shut down. Purdy Justin O, David Swain, Jennifer Taylor, Sean Ryan, Vernal, Rose. 
Purdy says shut down competitors, including payment apps. 
o 1/7/13-FB-01201229 

Causes is talking about how development changes will destroy their company and 
mention P3, Justin says he should not be using that phrase and no one outside of FB 
should know it. Matt Mahan emails Lessin, Vernal, Archibong and James Windon 
(Causes employee). Short term and long tenn rationales for shutting down wall posts, 
stopping wall post api, relaunching platform 3.0, incentive alignment. Mahan says 
situation is very bad, very short notice, will “destroy the company”, absolutely cannot go 
forward with it. Justin Osfosky says Mahan should not know that information, they want 
to figure out who said that and make sure it doesn’t happen again. What happened after? 
o 1/27/13- |B -01201182 

Discussing a blog post where they want to start rolling out everything together as Twitter 
did with their big changes. Releasing their own blog post announcing the changes and 











rolling it out together. Rose, Vernal, Purdy, Lessin, Justin O. David Swain wrote a draft 
blog post focused on easier streamlined way of finding friends, discuss premium services. 
Vernal thinks it looks good but it would be Zuck’s decision. Vernal says they would 
bucket the changes into P3.0, including removing friends api. Doesn’t seem like they 
mention user trust, privacy, control, 
o 11/20/12-FB-01201979 

Talked about changing the message (which they did internally previously) because of a 
Reuters article. Justin, Rose, Swain, Purdy, Vernal. Article about Viddy “treacherous 
path”. Justin says they need to drown out reuters article with positive publicity, need to 
start talking about their actual mission and reciprocity. Justin says they need to bundle the 
platform changes with something good to make it more palatable for people. This is 
Justin following up to Rose saying they need to do a restart of the message, 
o 3/11/13-FB-01151907 

Reciprocity agreement for whitelisting Rovi. Whitelisted device auth. Facebook will get 
to access the data of what people are watching on Rovi. 
o 3/27/13-FB-01151036 

They talk about changing the model from a free one to one where you “pay” for the data 
via reciprocal agreements, 
o 11/20/12-FB-01201979 

Talk about platform model, why they need to start charging for data to flow. Purdy, 
Swain, Justin, Vernal, Rose. Purdy says they are going to start charging for data now 
because Justin had been talking about rolling out the policy because the PR risk is high. 
Justin says too similar to Twitter’s announcement, which didn’t go over well and will 
create issues with developers, 
o 1/7/13-FB-01201229 

Ilya asks directly if mark is okay with killing a lot of start ups 
o 1/26/14-FB-0121882 

Discussion over Zynga terms for their API agreement, discusses possibly whitelisting. 
Morgenstern, Rose, Wyndow, Beard, Vernal. Morgenstem thinks that a whitelist 
agreement for Zynga would be part of the deal. Zynga would require users to have a 
facebook account and go over to facebook as well. Zynga having access to friends 
(games friends API). 

o 10/26/10-FB-01109249 

Discussion on platform narrative, framing it as Facebook is the good guys saving the 
world. Purdy, Ilya, Vernal, Vlad. Platform narrative connecting everyone, being able to 
do something on top of platfonn. No mention of user trust, privacy, control, etc. 
o 8/23/2013-FB-00884490 

Talking about read/write pennissions and friends data. States Vernal seems to write if 
you give friends data and then take it away “this will break every single application ever 
written”. Confirm this is what he meant? He is writing this to Julie Zhou, Kelly Winters, 
Sanghvi, Jackie Frank, Vandon, Kinsey. Kinsey writes about giving friend data. Possible 
60 day trial of letting other apps use friend data, 
o 10/22/2009- FB-01122646 

Proposed steps to getting partner deals signed off. Pulling together a meeting, agree on 
goals and value proposition, tradeoffs, review any metrics, decide on a primary deal and 
which team would support the deal. Work with technical solution engineer to execute it, 





getting approval from UI and BD, go into signing the deal and transition ownership to 
partner manager who would then manage partner and evaluate success. Facebook will 
treat them differently in a good way: yahoo, Microsoft, apple, google differently - 
offering them whitelisting or building them one-offs. Justin O in charge of decisions 
about which partners would get approved. Need to be Facebook-branded, reciprocity 
agreement. 

o FB-01122833 

Platform model thoughts- Vernal is calling for full reciprocity, and wanting to upsell to 
get more than 25% data. Response to Zuck. 

o 11/19/12-FB-01155760 

They are explaining APIs and state that search API will be made only available at launch 
and “for most developers, we do not allow access to the API without a session ID and all 
data is subject to our existing developer policies”. Mike Sharon (?), Cox, Taylor, 
Zuckerberg, Vernal and others. 

o 8/14/10-FB-01179610 
Discussing friend fetching method for Pandora 

o 4/6/10-FB-01180835 

Summary of issues with Apple, including two way trade of data and value. Jim Migdal, 
Talihapitiya, Zuckerberg, Vernal, Beard, Taylor, Cox, Rose, Alison Rosenthal, others. 
Vernal says Apple is being aggressive and does not want to trade data because they are 
worried Facebook will use the data Apple gives them in a bad way. Sharing address book 
both ways. Contact sync both ways. Apple wants to be able to use Facebook APIs outside 
of Facebook Connect, use profde pics in their address book. Apple wants a 5 year 
agreement that doesn’t change the terms of the data sharing. Migdal says Facebook not 
real happy about it, wants more of a two way street. Coming up with a strategy for zuck 
to reach out to Steve jobs. FB notes that "apple has asked that we allow them to pull data 
from our APIs regardless of whether a user has provided their credentials.... Apple wants 
access to any and all whitelisted APIs we make available to similarly situated 
companies." 

o 3/16/10-FB-01181162 

Discussion of the breakdown of working with Path- also discussed the breakdown of trust 
with developers on platform and how they need to outline a strategy for top developers at 
a dinner with mark”. Zuckerberg, Justin O, Purdy, Vernal, Archibong, Rose, Lessin. 
Justin O writes that Techcrunch reached out because they saw Path’s access to friends 
had been restricted, (seems like Path reached out to Techcrunch). So Purdy met with 
Dave Morin and backtracked on blacklisting friends data, asked Dave Morin not to go to 
the press. Justin, Purdy, Justin, Purdy. Justin suggests Zuckerberg have dinner with top 
developers. 

o 5/22/13- FB-001199066 

Further discussion with Path, including from Path itself stating that they are being put 
into competition and shut down. Morin sends an email to Sheryl Sandberg, Justin O, 

Jabal forwards it to Zuckerberg, Schrage, Justin, Rose, and others and asks what’s going 
on because Morin is upset. Facebook told Morin they said they were going into full 
competitive mode and removing friend data. Morin said that he is terminating the 
relationship because of loss of access to friends’ data and needs to know what this means 
and make decisions going forward. Justin O writes back to Sheryl with the others copied 







stating that Facebook removed Path’s ability to read friend data. Justin says after a call 
things seem to be in an ok place. 

o 5/1/13- ■ -01199295 

• New data sharing model draft. Charlie Cheever to Vernal and others. Four data buckets: 
public, user permissions, without user permissions, strictly not available 

o 8/24/08-FB-01215274 

• Meetme is a T2 partner who got part of their app shut down, but considering it is a 
partner they are finding alternatives 

o 10/12/12-FB-00957849 

• API Amendment for HP, including a list of APIs they have and are requesting 
(friends.get) 

o 3/30/10-FB-01211565 

• Vernal added three total use cases for friend data. Chat string where mark talked to him 
(Facebook for Adobe Air, Silverface, Birthday Reminders). Trying to find examples 
during trial of friend.get to show good use cases. Don’t thi nk the three apps are 
Facebook. 

o 10/22/09-FB-01182603 

• Platform discussion- Charlie Cheever says that things Zuck isn’t thinking about, breaking 
changes sucks for developers, loss of trust, and doesn’t realize how many people use FB 
platform. Cheever expressing concern to Vernal and Ruchi that giving developers access 
to friend data is going to be complicated. If you give them something and then take it 
away it will just create more problems. Changes happening so fast that Cheever is 
warning there could be long term effects. 

o 3/6/09-FB-01214986 


C 

FB-00843762 - October 2012, Archibong writes to Chang, Rose Yao, Purdy, Justin O and 
others: “why should we characterize this as a user feature? If we’re just trying to give developers 
guidance on reciprocity, we should be as clear as possible and avoid confusing developers with a 
user feature message. I think we should be able to do this concisely and just as tactfully. Google 
was able to do this nicely in response to us a couple years ago: Data Portability Google Supports 
data portability. By accessing users ’ data through the APIs for user in any of your services or 
applications, you agree to enable your users of any such service or application to export their 
equivalent data to other services or applications of their choice in a way that’s substantially as 
fast and easy as exporting such data from Google products and services, subject to applicable 
laws.” This was the original reciprocity goal, but it was not implemented. It got manipulated and 
hijacked along the way. 

FB-00843768 - may 2012, david swain to purdy, Justin o, rose, vernal, Hendrix: socialcam press 
cycle might be caused by viddy so not sure how much to trust it 

FB-00843785 - sept 2011 finalizing enforcement against data export apps asking them to use the 
“download your information” feature instead of scraping. Shows what they are trying to solve for 
initially. 








FB-00843713 - Aug 2011 Swain to Hendrix and others: “Has there been broad sign-off on this 
sentence from legal and the platform leads? “In the spirit of transparency, moving forward we’ll 
announce all policy changes in our Developer Blog.” 

FB-00844111 - August 2007 Cheever, Morin, Slee, Zhuo showing friends.get was available 
since 2007. 


FB-00844167 - August 2007 Ali Partovi to Adam D’Angelo about getting a roundtable together 
as “We all share a common goal of making the Platfonn a great place to build a business.” 

FB-00845743 - May 2007 Platform launch Press release language for partners “Facebook gives 
companies and the developer community access to the social graph through Facebook Platform. 
Using a rich set of tools and online services, developers can now build an application that is 
deeply integrated into the Facebook website.... Facebook Platfonn offers deep integration into 
the Facebook website, distribution through the social graph and an opportunity to build a 
business.” Etc. (see also FB-00845939 notes on new web page for Platform announcement, deep 
integration, mass distribution, opportunity) 


FB-00845745-46 - June 2007 Hadi Partovi emails FB “Our employees have emailed me 
multiple times asking “is Facebook trying to punish us for our popularity?. ..it’s as if on every 
single tab of the directory you’ve changed the rules to make iLike not be #1... .Does “level 
playing field” mean that nobody can win and you will level out the winners to give the 
losers a better chance?” Matt Cohler at FB responds: “I can assure you that we’re not doing 
anything with the deliberate intention of hurting you guys (or anyone else for that matter) and 
that we understand the difference between “equal opportunity” and “equal outcome” ©”. Morin 
responds: “We changed the front page algorithm with the intention of making it as fair as 
possible last night. The algorithm is a trade secret, so we won’t talk about the details of it. But, 
we’re hoping it helps you guys and everyone else compete fairly. And remember, the directory is 
not really the source of truth for your distribution anymore. You guys are everywhere! ©”. Hadi: 
“Yeah, of course we know you’re not trying to hurt us, just your well-intentioned changes made 
us drop from multiple #1 spots all at once.” 


fB -00845966 - May 2007 Facebook Platform apps are full applications according to 
Zuckerberg. Zuckerberg writes “the feedback from hadi that all these people are whining seems 
like a bad sign to me. It’s incredibly important that our initial developers come out of this 
process liking us even though things are moving quickly. I hope that we can give people the 
right expectations that we’re working hard to give them access and open this up months ahead of 
when it would have been fully tested and documented. At the same time, when you’re giving that 
perspective, make sure you don’t come across as arrogant either. We need people to be excited 
about this, not resentful and thinking that we’ve jerked them around.” Dave Morin writes 
back that these are full applications Facebook is allowing developers to build so how do they 
reflect that and Zuckerberg writes back that “widgets” is not an appropriate term for full 
applications. 


FB-00845981 - May 2007 Morin and Vora discussing Facebook Platfonn launch messaging. 
Facebook Platfonn is the world’s most advanced social platform. “With Facebook Platform, 





you’ve got access to a new kind of data - social data, which enables you to build 
applications that are relevant to users.” 


FB-00846006 - May 2007 Dan Rose email to Amazon team: “We believe we’re going to 
attract tens of thousands of small to medium-sized developers to build applications/widgets 
for Facebook. S3, EC2, etc lowers the friction for someone who wants to develop on our 
platform but can’t afford the start-up costs. It also helps us ensure that these applications can 
scale if they start to get viral traction. I’m not sure what this would look like in terms of a 
partnership. Do you have affiliate-like deals for partners who drive AWS revenue?” “if we’re 
successful in attracting a large number of developers, this could be great promotion for AWS.” 


FB-00846024 - Windows Vista Facebook Platfonn app from 2007 - “This gadget allows us to 
expand our reach and helps users interact more easily with their friends. It illustrates what is 
possible with Windows Vista and the Facebook Platform.” Dave Morin. 


FB-00846041 - “You are on a level playing field with us. You can build robust apps, not 


just widgets. Complete integration into the Facebook site. APIs. Data available. FQL. 
Distribution - Friend or Social.” 


FB-00846052 - Facebook Platfonn Addendum to Developer Terms of Service for Trial Use 
Developers. 


FB-00846086 - Platform Marketing Plan v5 - Socialize your app with Facebook Data - Friends, 
Photos. List of partners. 


FB-00846127-28 - Feb 2007 Microsoft Vista Facebook Platform integration presentation. Shows 
all the ways FB benefits from FB Platform. “Goals: To increase photo upload volume: reach 2 
billion photos in less than half the time it took to reach 1 billion. Change the ratio of photo 
uploaders to non-photo uploaders. Increase the number of photo uploaders as a proportion 
of the total Facebook population. Increase user engagement with the Facebook community. 
Increased site traffic...More active user base” etc. 


FB-00849659 - Zuck Sheryl Olivan and others discussing Tinder recruiter trying to poach a 
Facebook exec as CEO. 


FB-00849753 - Vernal Nov 2014 all hands meeting notes preparation, key accomplishments in 
2014 “PLAT: Reset our developer narrative; PLAT: Grow our ads and ad network business; 
PLAT: Build out a consumer payment product” 

FB-00850367 - Vernal Oct 2013 “Business side of platform remains strong. Encouraging 
progress on core UX, but still drowning with legacy features, so working through a painful 
process called “Platform Simplification” to enable us to move faster in the future.... 

Parse...team integration is still at-risk. Founders don’t feel 100% bought in yet. Continuing 
to work on maintaining motivation and resolving personality conflicts. Also working on 
starting to integrate their offering with Facebook tech (starting with analytics). This is most at- 
risk area.... API + Tools (goal: support platform, solidify core, drive developer happiness). 











Working on a big set of changes to legacy behavior to make platfonn more sustainable for the 
future, targeting January. Need to do this before next f8 (April). Change is risky because it’s 
disruptive to an already skeptical ecosystem.... Unlikely that Doug Purdy is in a platform role 
past Feb/March (he will stay at FB for the right role). Vladimir Federov has been in same role for 
5+ years. Me: I’m doing too many jobs. Stepping away from day-to-day of platform and 
asking Doug + Vlad + Maria to drive.” (Cox email Aug 2014 asking “how things are going 
with Maria / what the status is there. Can I help at all? FB-00850440) 

FB-00851112 - Zuckerberg email to Vernal May 2014 with comprehensive strategy for the FB 
messenger business and product. At FB-00851118 Zuckerberg says they are working with Uber 
on hailing and paying for an Uber within FB messenger (perhaps reason FB doesn’t enforce 
against Uber. (FB-00854417 Olivan responds to Zuck message) (Bos and Sheryl reply in FB- 
00854432). 

FB-00853387 - Zuck vernal Lessin June 2014 discussing Here and Now product for Facebook. 
Zuck writes long email about new FB redesign. Lessin asks if Javi will be ok w it? Just shows 
who the decision-makers are. 

FB-00853586 - June 2014 Federov email to Vernal giving insight into reasons for eventually 
shutting down Parse. “Parse Brand - while the brand tracks positively with developers, it is 
completely independent and hasn’t generated any effect on the primary Facebook brand. It 

largely appeals to tail end of developers which appreciate the fact that the service is free 
and really easy to get started on. Continued growth of this brand is unlikely to have any 
direct returns to Facebook and because of the limited appeal connection it is unclear we will 
want to roll out new feature under this brand. Team quality - team quality after a year of 
observation is about average to below average for Facebook. While the team has some 
unusual strengths - it also has a set of unusual weaknesses. The most concerning are level of 
engineering quality (URL) and ability to work with other teams. Strategic value - the truth 
is that if any of the services offered by Parse become necessary to the business. We will 
build them better and with a smaller investment on FB tech. The primary value we derive is 
continuity and the connection to the developer ecosystem. These don’t grow proportionally with 
increased investment. We are unlikely to be able to generate revenue either via ads, via 
connection to search or via charging for the product. Effect on other acquisitions - we should 
make sure we don’t chill other potential acquisitions that maybe strategic and we should 
have continuity in our developer message. These two reasons are primary drivers for not 
shutting the service down. Supporting FCL - Parse is not the most effective way to build up 
a scalable backend. It is harder to start with non-scalable backend build on a different set of 
technologies than to start with known/validated set and expand it. Just the amount of learning 
and investment in MangoDB alone makes this cost ineffective.” 

FB-00853592 - June 2014 string between Federov and Vernal - Vernal asks “Sounds like they 
need exactly what Tinder needs?” Federov: “You need to know if the connection is your current 
gf or bf or someone you don’t like” Vernal: “Can we find a way to make that more efficient? Eg 
could we have a FoF API for app users?” 



FB-00853747 - May 2014 Federov asks Vernal if he has an opinion on “Net” an app that lets 
people send e-cards to friends that include an amazon gift card. Vernal says he doesn’t think they 
should make exceptions, implying to not allow “Net” to do that. “We are going to shut down 
gifts. But, still, I’d just say we’re moving away from birthday apps.” Federov: “However in 
Coffee meets Bagel - I want to give an exception to all dating apps ©. The proposal will be 
centered around by vertical exceptions. I think “dating” is the first and only for now”. Vernal 
says that’ll be tricky but to share his proposal. 


FB -00853751 - May 2014 Liu and Vernal chat string. Liu: “General consensus is to try to avoid 
a developer opt out, but Zuck to make the decision on stability.” Discuss a small meeting with 
Sheryl, Zuck, Vernal, Boz and Hudack. Liu: “Anyhow it comes down to he memes and stability 
language.... Sheryl asked us what a few of us thought. I prefer not to have opt out unless we 
must (say otherwise have to wait two years). But the memes could hit us either way.” What is 
this about? 


FB-00853780 - graphs tracking a variety of KPIs. Not legible. No date. 

FB-00854009 - After F8 2014 Vernal sends mteam update where he says there is no business 
model to build an App Store that competes with Google and Apple (10). 


FB-00854056 - MAY 2014 FB employee sends note “NPS has gone down significantly in the 
US”. Up among NEKO developers (-14 last quarter to -6 this quarter). 


FB-00854613 - Zuck Thaw Vernal April 28, 2014 discussing final edits to Zuck F8 speech. 

Zuck is making edits in the email string. Zuck suggests using “love” to finish his speech about 
putting people first. Employees talk him down kind of. Follows up on FB-00854642 Zuck 
discussing speech with Federov Vernal and others - friends data discussed on 46-47, 
misleading phrasing about letting people control and everyone having to choose for 
themselves that was changed from a few days prior. FB-00854659 - April 24, 2014 discuss 
friends data section of zuck’s f8 keynote, (friends section is highlighted - who highlighted it?). 
On 67 it says “You control your data, your friends control theirs. Going forward, friends 
cannot share your info. Only you can share or bring your info to an app.” THIS IS NOT 
WHAT THEY ENDED UP SAYING. The next update says “visualization of friends info or 
words that say “Less Surprises”. Going forward, everyone has control over having their 
information shared with apps. Now, friends won’t be able to share your information or interests 
on your behalf. People can still experience apps with their friends, but you decide what info you 
share. That means you can share your photo albums with apps, but you can’t share your friends’ 
photo albums. And when people log into apps, they can also decide whether to share their friend 
lists, and the app will only get people that it already knows about. We hope this will give people 
more comfort that they can share what they want with an app without fear.” Then on April 21 st , 
“Less Surprises” is changed to “More Control”. Vernal then suggests on April 24 another change 
that removes those phrases and says: “As part of these login changes, we’re also putting people 
in more control over when their information is shared with apps. In the past, when someone 
logged into an app, they had the option of not only sharing their own data, but also their friends’ 
data. We’re changing this so that each person gets to decide for himself/herself what data they 








share with an app. Thi swill enable all of us to continue building rich social apps, while putting 
people in control.” 


FB-00854633 - Vernal platform update on April 28, 2014 - first thing he says is we are 
removing the ability to grant friends data. 


FB-00854672 - April 23, 2014 Sukhar making a push with Vernal and Federov to get into 
F8 speech that Facebook stabilized platform even for competitive apps. Vernal asks “how 
acute an issue do you think it is in the ecosystem. E.g. if we mention it in the keynote, it seems 
like it has a high likelihood of “breaking into jail”. Sukhar: “I don’t disagree. I think it would 
just be a modifier on the stability guarantee rhetoric, “no matter what you’re building.... I 
think that we’re all in agreement that it risks breaking into jail. The question is whether 
it’s worth it to solidify our message/positioning on the Platform. I don’t really know. 
Probably not but we don’t have a good alternative.” Vernal: “I don’t think we’ve even have 
a slide on this “Open to All!” Too prominent. So we’re really arguing about a sentence in 
the script, I think.” Sukhar: “To be clear, I’m not arguing that we should do it. ©” 

Federov: “I think we should do it but not in the keynote.” 


FB-00855011 - April 10, 2014 can cancel PS12n meeting because covered in the login review 
meeting. 

FB-00855264 - task to remove implicit platform stories March 31, 2014 - “Goal: Move the 
developer ecosystem to an explicit story model without seriously damaging our key partner 
relationships or games business ASAP” (65). Purdy upset “I don’t think we are communicating 
clearly. I am likely going to call a meeting of the key stakeholders this week as there is too much 
discussion on this task. 1 We shouldn’t be saying anything about how we are removing these 
stories (special casing games/music for a little while), just that we are removing these from 
feed over the next few months. 2 once this change is complete, we are not going to ever 
show implicit stories in feed/ticker, we are going to use the implicit actions to create special 
game and music recommendation stories. If the vertical is important enough, like movies 
maybe, we can do the same thing.” He really means if the vertical is unimportant enough. 
Purdy is responding to Chang saying “I think this is even more so why we shouldn’t spell out 
how we’re changing newsfeed algo in the reactive partner msg as it will make it very clear 
that we’re being inconsistent in our standard and arbitrarily controlling nf distro for 
partners.” 

FB-00855464 - Vernal March 28, 2014 “if we had a solid theory about why time spent in 
Facebook-connected apps drove growth, engagement, ads, cost, or utility, then we could then just 
focus on ways to make Facebook-connected apps better/more engaging. If we don’t have that, 
then there’s no logical argument for investing heavily to make third-party apps 
better/more engaging. We could do it out of altruism, but that argument is hard to justify 
resources at scale.” Sukhar: “Is strategic leverage a viable axis for thinking about this?”. 


FB-00857872 - Purdy suggesting coupling login v4 and sharing v2. Ilya recommends against. 
Discuss preparing a presentation for Vernal Cox Zuckerberg. 







■ -00858137 - Purdy, Vernal, Bao, George Lee analyzing revenue impact to removing implicit 
newsfeed stories. Bao says “you’re ok w/ killing —1/3 of feed traffic? (implicit og is 1/3 and 
stream publish is 'A) even if so, I think Cox / Nowak would push back and say they want to kill 
ah implicits. So what would you want to do for stream publish?...i think this makes sense [that 
devs use stream publish]. A rational dev should publish implicitly as much as possible for 
distribution benefit.” George Lee writes: “I think we’re also missing the impact to developer 
sentiment (not just the quantitative losses of their stories). I get emails frequently (and sat 
down with some important and unhappy devs this week) about how feed distribution is 
inconsistent and dying. You have to remember that our partner managers are still selling 
products that we ask them to sell, so when it comes to feed integration we’re still telling 
people to use OG. The last f8 was all about implicit OG, so while we may have decided 
amongst ourselves that this is no longer the future without an alternative we don’t have 
anything to tell current devs (so partners continue to tell them to use OG and they continue 
to integrate it). I believe we’re at a tipping point here and if we don’t manage this correctly, 
people will leave canvas at an accelerated pace just because we’re thrashing them. I’m 
actually not a fan of implicit sharing and believe we need to shut it down, but I do think we’re 
being irresponsible to our developers if we just flip the switch and say we’re sorry (I express this 
to Nowak last week). We cannot be a platfonn that developers believe in if we keep ripping 
bandaids on a whim. IMHO, we should breaking change this OR lower the distribution over a 
window fo time while we figure out how to offset the losses with some other distribution channel 
or better ranking of explicit shares.. .And IMHO, we need to do it in a way that shows respect 
for our partners given that we sold them on OG in the last f8 and that they put lots of time 
into building these integrations. The reality is that the action itself is going to cause more 
pain than the traffic itself might cause.” Bao says “I had not assumed we would turn off 
implicit sharing but defer to Doug on whether this is a given at this pt”. Lee “Cox wants to kill 
it and no one on the platform side really is an advocate for it. We’re defending it as a 
mechanism to not hurt partners, not because we thi nk it is a good product.” 


FB-00858174 - Jan 2014 Vernal chat with his admin about setting up a meeting with Mark to 
address the “Dating Use Case” (75). 


FB -00858489 - Jan 2014 chat with Bao and Vernal. Bao: “another extreme that Cox will push 
for is to remove app posts immediately from news feed. I think our opinion here is that this 
would be unprecedented developer thrash and unacceptable.” (90) Bao proposes compromise of 
bundling this into the login v4 + psl2n launch, “it’s bundled into the 1-time user trust narrative 
and dev thrash”. 


FB-00860632 - Platform trust open group within Facebook (December 2013). 224 members (9 
new). What is this? 

FB-00861286 - Vernal Purdy Federov Dec 2013 discussing “build” pillar of Facebook Platfonn 
and strategy going forward. Purdy notes that “Mark decides all these things”. (87) Interesting 
discussion of Purdy pushing for Parse acquisition, Federov recommending against and Federov 
being right. Parse is almost a write-off at this point. 








FB-00862566 - Dec 2013 Purdy complaining to Vernal that he is failing, family falling apart and 
he is not the right fit to run Platform because he is not passionate about developers, etc. 


FB-00862605 - Platform 3 year plan document that Ilya presented to Mark that was not adopted. 
Focused on building a $5B revenue developer business by end of 2016. 


FB -00864023 - Dec 2013 Purdy sends a note to Vernal and Zuckerberg describing 
announcement of Login v4 and bundling of PS12n and friend permissions removal on 1/31 as 

“part of a comprehensive user trust ‘moment’. We will make a really strong case that these 
changes are net good for our shared users and the overall ecosystem, even if they require 
developers to modify their apps and/or lose functionality from previous versions of Login.” 


FB-00867074 - Kevin Lacker writes email to Vernal Nov 2013 “Re: what are the bad things that 
we are doing?”. Original email from Vernal not included. Where is it? Vernal forwards to Purdy 
and Federov saying he never wrote back and asking what he should say. Lacker: “Removing 
global identifiers from user objects. We should just not do this.... Removing last name from 
friends. This will make it impossible to build a UI to pick a friend in a way that users can 
understand who they’re picking.. .This is going to make it hard to build cool stuff in the future, 
annoy developers who do display a list of friends, and not really help much....” Notes that they 
are enforcing their policy against pre-fill inconsistently. “Permission review. You need a ‘good 
reason’ to ask for a permission. First of all, developers are going to hate anything that 
requires an extra review process. Secondly, our definition of what is ag ood reason to askf 
or a permission is going to diverge wildly from what external developers expect, from our 
past messaging, and between different reviewers. If a developer uses extra information 
about a user to customize an experience, but not in any way that’s visible to the reviewer, 
and they claim that it just lets them tune the content they display a little better, is that good 
enough? It makes sense to me as a developer - that’s how you make an app more social. If 
you haven’t built a feature because you need N users to opt into showing some data before 
it’s worth it, is that good enough? It makes sense to me as a developer as well. But both of 
these are things that many folks want to reject developers for. If you really want to ask for 
extra permissions to suck down huge amounts of data, you can work around this by adding 
some teeny bit of functionality that uses the data. So it won’t fundamentally improve 
things. We should pull back the scope of permission review to the ‘whitelist / partner/ type 
APIs, not the stuff we view as core to the platform. Policy review. This isn’t fundamentally 
bad, but our policies are not good and we are escaping greater pain by not enforcing them 
too strongly. I’m aware of #4 and #6 and there’s probably more. So if unified review causes 
us to insist more that our policies must be obeyed, it’s going to cause pain around our bad 
policies. We should roll this out in a way where apps can appeal and not immediately get 
their development halted and expect to change several more policies early on in the review 
process.” (Vernal Purdy and Federov previously discuss whether and how to bring Kevin into 
this in FB-00875573). 


FB-00870000 - Purdy email to Maria Giudice, Vernal Federov Nov 2013 about how to reboot 
Platform using Parse. “Still don’t kn ow if I trust those FB guys, but these Parse guys are taking 
FB Platform to the next level.” Etc etc 





FB-00872116 - Purdy Himel Federov Vernal chat Oct 2013 - Purdy: “I actually think we want 
to frame psl2n as the next rev of Facebook login for developer and users..Flimel quotes 
Zuckerberg: “To start, what we’re trying to do is unlock new ways for people to share content 
and activity with the people they care about.. .Going forward, most apps are going to be social. If 
we can make Open Graph work, then they can be social and integrated with us in a way that 
makes Facebook and those apps better. If we can’t make Open Graph work, then those apps will 
exist anyway, but they won’t integrate with Facebook and as time goes on we’ll have access to 
less and less of the social content out there, which means our strategic position, importance and 
ability to make an impact in the world will decrease.” Purdy: “We need to be able to explain this 
to our team. “Using developers to help us connect the world” is one tactic that we have 
selected for the company (BTW: I think this Mark’s call to change that tactic for the 
company and he has delegated execution of this to Mike and by his proxy, us). How does 
Mike think about this tactic, what are the key products in this effort and who are the eng/PM 
leaders there? Those are the key questions here” 

FB-00872429 - Bao and Pratiti Oct 2013 email chain showing that Platform Trust is where they 
are storing data around user expectations around how third party apps work, etc. Get info on 
Platform Trust. 


FB-00877278 - Purdy chat with Vernal Sept 2013 - “Would you let me run at the media and 
fitness categories within the platform charter? Go after them and build alb business there like 
we have in games (which is still the only existence proof that we have that we can do 
platforms at all. You are only a platform in my book if you can sustain a architecture shift 
like we have from web to mobile in a big category).” Implying that no category other than 
games sustained the shift from web to mobile. Vernal then describes a few of the successes 
and failures from OG 2011. Vernal then writes: “I don’t think Open Graph has anything to do 
with Platform.... It’s a product we have on Facebook. We’re going to build out that 
product. We might eventually let developers contribute to Open Graph. We might even 
start that way. But it’s a totally different product.... I am committed to not having Open 
Graph and Platform be part of the same org, just fyi.... Open Graph is about getting all the 
entities in the world into the Facebook graph, understanding how people are connected to 
those things, and then using that graph to drive discovery.” (79). Purdy then asks if he can 
run Open Graph and says: “I mainly care about the product experience I want for a few 
scenarios: Music discovery/sharing, Video discovery/sharing, rWorld Running games, 
journaling/qualified self.” 


■ -00877968 - Purdy Vernal chat Sept 11, 2013 - Purdy: “getting the platfonn marketing 
message lined up and executed (which I want to step on the gas pedal on based on PDD and 
Mark today).” What did Mark say on 9/11/13? Vernal says Mark wants him to PM PS12N and 
Ilya confused about whether Vernal or Zuck is ultimate decisionmaker on PS12N. Mark docked 
Vernal on his review saying he only “meets most expectations” on PS12N “because it’s not in 
better shape”. Ilya wants to please Mark which is why he raises PS12N with him all the time. 
Chris Daniels asked Simon Cross to run point on PS12N deprecations across developer types. 
FB-00883105 - Purdy/vemal chat aug 2013 - Constantin drives P3 until Oct then Eddie. Eddie 
drives mobile links and then Ilya. 








FB-00883052 - PS12N Deck.key from Aug 27, 2013 - where is the deck? (FB-00883107 
Daniels reaction to the deck - doesn’t think user trust message solves the developer message 
problem, thinks P3 should be announced way before F8 “The rationale is that if we announce it a 
month before F8, then P3 may become the focus of F8.” Also FB-00883151 references Platform 
Simplification Deck.key and Platform Simplification Spec.docx 


FB -00883116 - Vernal August 2013 update to mteam: “Platform 3.0 -> Platform Simplification 
- going poorly, but investing a lot of time to turn it around. Context - our biggest risk across 
platform is trust. For users, this is fear of spam. For Facebook itself, it’s fear that we’re giving 
away data that helps competitors (messenger apps) and undermines our core business 
(stream.get and ads). For developers, it’s the fact that things are constantly changing - 
shifting sands - and that our documentation and bug handling is sub-par. We have been 
working on a set of projects to fix this under the name “Platform 3.0,” specifically: Login 
changes - see above; Deprecate non-app friend graph - limit this to restrict graph leakage 
while still enabling social apps. Deprecate friend * permissions - stop ability for one user 
to grant access for app to access another user’s data. Deprecate stream.get - stop ability for 
anyone to build an alternate NF experience (without ads). Unified Review - review all apps 
that are launched....So working on a proposal to dramatically curtail the surface area of 
platform to improve long-term reliability and stability for developers. Basic idea: Core: 
Publicly define a set of “core” APIs and commit to a three-year breaking change policy on these. 
That means what it says - we have to provide three years advance notice before we change 
these. This will be a huge shift for us as a company, but it’s really min-bar for what it 
means to be a platform. This would include core APIs around Login, Sharing, Users, Friends, 
etc. Probably 10-15% of our API today. Beta : Also define a set of APIs that are in “beta”. This 
means they may change more frequently. Potentially up our breaking change window here from 
3 months to 6 months. This would include all new launch as well as probably all of Open Graph. 
Probably 10-15% of our API today. Kill. Deprecate huge chunks of the API that are poorly 
maintained because product teams are not incentivized to do so - groups, events, photos, 
videos, albums, etc. We’ll always support sharing those objects, but we’ll no longer support 
reading them via the API. If it’s strategic for any of those products to keep those APIs around, 
we can - but we’ll transition ownership to that product team and require that they hit certain 
SLAs around uptime and bug responsiveness. This would be a really radical change, but I’m 
realizing is probably necessary to be able to deliver the quality we need to (alternative is to 
staff up dozens of people to maintain old, non-strategic APIs). Working through a proposal 
and planning to discuss with Mark tomorrow.” 


FB-00883372 - Vernal chat string Aug 2013 “What value do we get out of Platform? 
Concretely? At the end of the day, I think the clearest, most valuable form of value is content 
that we show in News Feed.” 


FB-00886786 - Sukhar Vernal Purdy discuss driving NPS in H2 Aug 2013. Sukhar: “Platform 
was all about organic distribution. We don’t have a similarly terse and coherent value 
proposition to offer folks at the moment.” Liu: “Our happiest developers for Neko are those 
who measure performance. They are the least likely to churn and most likely to spend big. We 
have done a detailed analysis of their spend patterns, and it is clear that the more they kn ow 
about our performance, the happier they are. I wonder if there is a way to extend that to the rest 





of platform. Developers will put up with bugs and issues if the value is sufficient. We need to 
find a way to articulate that value in some way. We used to demonstrate that with large up and to 
the right charts for apps like Viddy and Washington Post but that has changed. How do we 
articulate the value prop to developers now?” FB-00887642 - Vernal: “I think there’s a third 
theory: Our APIs keep changing and our doc suck” 


FB -00887836 - on 38, discussion of allocating mobile engineers to messenger 3.0 to build FB’s 
messenger product. Zuckerberg: “Is this resolved yet? We need to get this done today. Let me 
kn ow if there’s anything you need me to weigh in on.” Zuckerberg on 42: “I think we need the 
names tonight or tomorrow in order to be able to put this team together by the end of the week.” 
Javi: “Sorry that we need to do this on such a tight timeline. We need to identify the team this 
week if we want to realistically make the 9/26 cut.... That way Mark can make a call on Friday / 
we can start working on the feature ideally next week.” Zuck paused a project and reallocated the 
engineers. Raymond Endres updates Vernal. 45 Javi will share Mark this afternoon Aug 16 2013 


FB -00889028 - Purdy Aug 15 2013 “One of the issues we should discuss tomorrow is the 
NetFlix goat rodeo. Broadly, I think we failed in how we handle Partner APIs (approval to 
build and approval to launch) and how we inform the partner messages (and indirectly 
partners) about big pending shifts in Platform (in this case Platform 3.0). Would be useful to 
debug and ensure that we have the right processes in place to avoid this next time. Chris Daniels 
agrees. 


FB-00889856 - Vernal and Sukhar discuss the Next Facebook Platform as a suite of developer 
services that let you build an airbnb or Netflix using Facebook’s infra. Vernal says “Messenger 
is existential threat for is [us]. Making out [our] messaging app de facto web standard by 
integrating with all other apps out there.” Sukhar: “I think that natural tension would be the 
biggest risk” referring to the FB messenger team owning the messenger platform product. 
Facebook People Services is Sukhar’s proposal for expanding on the Parse mission. Described 
on 59. 


FB-00890531 - Vernal mteam note on Aug 12 2013. “Platform narrative: Based on feedback 
from Mark, realized I’m not doing a good enough job explaining to the overall company 
what we’re doing on platform, and how it’s going (people see parts, but not the overall 
picture). In reality, platform is really two different pieces - Open Graph, which is now 
much more of a consumer-facing product, and Platform itself, which is really about helping 
mobile developers build and distribute apps that span mobile OSes. Working with Doug + 
Ilya to create a simpler narrative here (e.g., “Help developers build and grow mobile 
apps”) to underpin both internal and external messaging. Still early, with Doug driving.” 
Then notes that Doug likely leaving for a startup at end of year. Describes a contact syncing 
bug where they were concerned about leakage to Apple and the growth team’s handling of 
the situation. Notes that Parse morale improved, likely due to stock price increase. 


FB-00890551 - aug 2013 Vernal asks questions about friend list? Or bao? “Instead of calling 
this “revocable friendlist” can we introduce a “friend list” or “friends” permission? In other 
words, I think we’re just saying that the friends edge is now protected by a permission, just like 
other kinds of edges. There’s a separate question about whether or not we bundle this as default 











or make it something developers explicitly have to ask for (I think it should probably be explicit 
permission?). But I thi nk that’s a cleaner framing? I don’t think we need to solve for the case that 
user A doesn’t grand [grant] friend list, but user B does, and now app knows A+B are friends. I 
think this should behave just like contact importing - if either side reveals this info to the app, 
it’s known to the app.” Mentions decoupling anonymous login from this as completely different. 
FB-00891933 TR Vishwanath replies with loginv4_plan.pptx Main bullets for server side 
implementation of this plan “1/Separate into 3 independent features (private mode, no friend list, 
revocable perms) that can be worked on in parallel 2/ Defer the call on whether private mode is 
anonymous or namc+profilc+pic after we do some prototyping internally try existing apps in 
anonymous mode. 3/ Decisions were optimized for not relying on any platform breaking 
changes.” 


■ -00894576 - July 2013 Vernal Hagman Purdy O’Neil Federov Koumouzelis discuss Unified 
Review launch. Koumouzelis describes plan of doing Unified Review in Oct 2013. Hagman 
agrees with Koumouzelis because it gives time before Q1 2014 when they will remove friend list 
and friend data permissions. Clearly the plan is these are separate projects that are launched 
independently. Purdy then responds: “The concern is that we are not moving fast enough to stop 
leaking this information or resetting the developer narrative and we are now slated to do an f8 in 
ql/q2 and we may want this change already rolled out before then. George/Eddie the friends.get 
removal need to be sync’d to our invite/messaging plan.” Purdy then emails Vernal that he is 
giving Koumouzelis the “Platform 3.0” work because he needs to “have something more than 
“Unified Review””. Pushback if you disagree?” Vernal: “Love it.” 


FB-00894975 - Archibong notifying Zuckerberg of rejecting spotify’s request for a 2-month 
extension to use app to user notifications. FB-00894984 - Purdy “line convinced me to change 
my default position. He doesn’t thi nk it will go to Daniel. I’ll handle it, if we are wrong.” 


FB-00894982 - Vernal Purdy Federov chat Aug 2013 regarding newsfeed API. Purdy: “Should 
we just add ads to the Newsfeed API and provide a easy way to post...?” Vernal: “For third- 
party apps, I think we just need to kill the NF API.” Vernal: “My point is we shouldn’t 
even be involved in that decision. It should be Boz + Cory.” Purdy: “So you think our 
contribution to this needs to be just shutting it down for 3 rd party apps?” Vernal: “Yes, 
basically.” Purdy: “and our role in your mind is to just pull back the public NF API and then let 
Cory (who owns the OEM relationships) and Boz (Ads revenue) handle it from there?” Vernal: 
“Yes.” 


|b -00894991 - Federov email to Rose, Purdy, Vernal, Justin O Chris Daniels Aug 2013, subject 
“Article about Platform that Mark liked”. Discussing developer perception that Facebook’s APIs 
are not stable and they change on a whim, etc. Federov: “There have been a few articles like this 
in a last few weeks. I personally think the one by the game dev comparing us to the circles of 

hell was the best written. This is an unfortunate meme that will hopefully burn itself out 
(maybe active PR response can help) but it is nothing like what we will face with next 
round of changes. When we roll out: 


-Unified review 

-Loss of friend permissions and thus access to friends’ data 











-Loss of non-app users in the friend list 
-Loss of stream access 


We will face a long and brutal negative press and developer relations cycle as it will 
completely kill a class of apps like Horoscopes, Half Birthdays, etc. Those developers will 
have nothing but negative things to say.” 

Ian Bogost, published Aug 1, 2013 http://bogost.com/blog/oauth_of_fealty/ 


Ian Bogost 

Georgia Institute of Technology 
Technology Square Research Building 
85 Fifth Street NW 
Atlanta, GA 30308-1030 
+ 1 (404) 894-1160 
ibogost@gatech.edu 


-00894996 - Sukhar Vernal Aug 2013 chat, shows how they are able to talk past one another 
without getting to their direct conflict. Sukhar tries to retain friend permissions, Vernal doesn’t 
have heart to shut him down, Sukhar says he will own. Sukhar: “What do you think about 
invites-via-messaging as a replacement for friend permissions? I think the current 
replacements are pretty anemic and [will] infuriate developers.” Vernal: “I think we need a 
much better invitation channel. And I think non-app friend data is a somewhat niche use case.” 
Sukhar: “Well, I think the way to think about this change is we’re forcing everyone to scrap 
their invitation UIs that are customized and optimized for their app. So I think we should 
provide an alternative that people look forward to. A carrot to make the move.” Vernal: 
“100% agree.” Sukhar: “So who owns the “let’s replace friend permissions” goal?” Vernal: “I 
think Vlad and what was Marie (so I guess Doug)” Sukhar: “Hmm, ok.” Vernal: “I agree with 
you, though. I think ownership here is maybe too diffuse bu[t] we agree we need a good 
messaging/invitation model to replace this.” Sukhar: “Yeah, Alright, well, maybe I’ll try to own 
that. I don’t think the current set of people is really sweating this at all. Talk to you next 
week about it.” Vernal: “And you think it is something to be sweated. Yeah, I agree. I’m 
frustrated by slow progress here and not having good replacements yet.” Sukhar: “Yeah, needs 
to be sweated bigtime. We’re taking away one of the most valuable APIs and positioning 
Social Context as a replacement. It just really isn’t.” Vernal: “Yep, it’s more than context, I 
agree.” Vernal: “I asked Doug to pull together a conversation next week re: this.” Sukhar then 
references the Ian Bogost blog post and says we can fix this and Vernal agrees. 


FB-00895694 - Aug 2013 Lee, Vernal, Purdy, Gupta, Marten discuss games payment financial 
forecasts. 


FB-00895713 - shows “content production volume per DAU by Payload type”. Photo 0.77141. 
On 14 it shows “Like Events per DAU by Destination Contenttype” PHOTO 3.2481. Same for 
comments on photos on 15. Ask if this shows photos information helpful to determining ad 
revenue from photos. FB -00895718 - shows raw volume of notifications from photos 
(generated, rendered, clicks / 1.2B, 2.4B, 348M) 











FB-00895812 - 276M photos shared on July 30 2013, 131M public, 93M friends, 15M FoFs, 
19M Only Me 

FB-00896034 - July 2013 Badros convincing Vernal to build a Facbook gifts product 
competitive to Amazon. 


FB-00899163 - Vernal all hands presentation prep July 2013. Focus second half of 2013 on 
Mark’s “formula”. Increase people on FB (growth Javi). Increase time they spend (engagement 
Cox). Increase utility they get (understanding Vernal), Increase monetization (ads boz efficiency 
jay). “When people actually have questions about this stuff- when they’re looking for a 
restaurant, or what to do this weekend, or what to read next - they’re not using Facebook. And 
that’s crazy. All this knowledge exists on Facebook. We should have the best answers to these 
questions. But they’re not using us today. They’re not using us yet.... Haven’t we been 
talking about this vision forever? Didn’t we launch Open Graph two years ago? ... We just 
need to focus on a few specific verticals and start making them better day-over-day, week- 
over-week, and month-over-month. We did this in the last half by focusing on music, 
movies, books, and we’re now pretty good at them. We just need to keep diving this 
problem into solvable chunks, solving the, and then moving on to the next chunk. The 
various entities teams across the company are focused on this for H2.... On Platform, one of our 
main goals is to get another 85M people to fill out their movie, music, and book tastes on their 
profde.... For years, the Platform team has built tools for developers. And the Ads team has 
built tools for advertisers. And we didn’t really talk. Most of our developers were also 
advertisers, but internally we were just focused on our silos - we weren’t thinking about 
how all this worked, end-to-end. A year ago, we started on this project called Neko. The 
idea was to combine our developer tools and our Ads system into a single product to help 
developers become successful advertisers on mobile. It was hard. Most people thought it 
would fail. In December of last year, we spent hours in that room (point to the Aquarium) 
debating whether to thus the whole thing down. We almost did. Why throw good money 
after bad, people kept asking? Then something happened. We hit a tipping point. We fixed 
that one last bug, and suddenly the entire system start working. And it’s been growing ever 
since. The Neko experience has taught me two things. First, we can be a great discovery product. 
I’ve installed dozens of apps via Neko that are really useful. A few months ago, I found this 
awesome app called ParkMe, which helps you find the closest parking spot in San Francisco. I 
would never have gone looking for that app. Never. But Facebook helped me find that, and it 
made my life a little bit better. Second, it’s working. It’s grown from nothing to $1.75M/day in 
nine months. That’s a $600M business in less than a year. That’s insane! And it didn’t cost 
us $600M to build it.... It was a small team working across platform + ads to build an end- 
to-end solution.” 


■ -00899169 - July 2013 Zuckerberg all hands script w feedback from Sheryl. Describing the 
“formula” and master plan to “Connect Everyone. Understand Everything. Build the Knowledge 
Community”. FB owns the graph. Cox script at FB-00899250 focus on engagement currently 
measured by feedback now measured by time spent. Time spent increases during major world 
events (Turkey 2013). FB-00899275 has all the scripts Mark Javi Mike. Javi talks about need to 
focus on messenger app and that competitors doing better. Mark feedback to not talk about 





competitors. Mark feedback to Vernal that he needs to communicate more progress on Platform 
and mention Mobile App Install Ads up front. Mark specifically discusses WhatsApp growth 
before they bought them, Javi says WhatsApp has been growing faster. 


FB-00899292 - Javi presentation describes “Onavo reach” FB-00899306. Compares 
WhatsApp, Facebook Messenger and main Facebook app in terms of reach and engagement 
using Onavo data. 


FB -00899796 - Notes +4 commitment to Parse but only +2 in plan. Org chart on 97 showing 
lessin and sandberg reporting to zuck, rose reports to sandberg, osofsky to rose. Vernal reports to 
lessin, ilya to vernal with promise of 24 employees under Ilya. Did FB live up to this promise? 


FB-00902103 - presentation on graph completeness, edges by surface, 25 og actions to complete 
graph for user. 


FB-00902119 - July 13 hsu asking vernal about the number of analysts to allocate to each aspect 
of his org - neko (3), payments, games, app services (3), og (4), login. Total of 16 analysts. 


FB-00903871 - chat string July 2013 Vernal, Spehar, Bao, Himel, TR Vishwanath. TR: “Mike 
wouldn’t this be possible if we allow the user to control which friends the app gets to see 
(similar to how the user specifies the audience ceiling?) There are a bunch of implementation 
and design issues to work out with this but it feels like this would give users control without 
telling apps how to work.” Vernal: “This is something we could explore (not just all friends or 
no friends, but some friends). I’m a little skeptical for a few reasons...” TR: “I think this is an 
area where control is lacking and makes the social experience less fun than it ought to be 
for the user.” Jeff Spehar says that Google+ does it this way. TR confirms with screenshots. No 
screenshots attached. 


FB-00904787 - Jun 2013 Vernal shares Platform retrospective. On 88 Open Graph “Stepping 
back, if you look at Open Graph vl (the last f8) there was some good but a lot more bad. I thi nk 
the technical + architectural work we did was actually pretty solid, but we clearly failed at the 
product experience.... The most obvious screw-up was that we were too aggressive in 
encouraging certain types of sharing, and that created terrible experiences (social reading, 
Video/SocialCam, etc.).... We designed the system so you could publish an action and we’d 
basically show it everywhere.... The stat I’m more happy about is that we’ve increased the total 
number of edges to movie/book/TV entities by 200+%.” Scaling up neko insights team because 
developers that track ROI on neko spend end up spending 4lx other developers. Reducing 
amount of data shown to customers on Neko ROI. 


FB -00905310 - Purdy comments on Platform to Vernal June 2013: “As free distribution is the 
primary reason that developers use this part of Platform, they get super frustrated when that 
changes unexpectedly, particularly when we give no notice and or guidance on how they claw 
back to the previous state.” Says they are not calibrated on what P3.0 is. “We are not going to 
remove APIs when we launch this, we are actually adding two new APIs: social context and 
recommendations. Once we have those APIs nailed down, we will move to drain down the use of 
the friends permissions.” On 12, David Weekly shares the feedback from developers with 

















Osofsky. “#1 You break my stuff. We don’t version our APIs and we don’t even prep 
developers new to our platform to the fact that developing against Facebook is an * 
ongoing commitment*. This is not the same as almost any other API or Platform on the 
planet.... Consequently, emails with the subject line “Operation: Developer Love” are 
guaranteed to give every FB developer the chills because they know the body of the 
message will communicate an unexpected new pile of work to throw a schedule. #2 You 
don’t care. Developers lack access to community & resources to share best practices 
coupled with evident favoritism.... We are obvious in showering undue love upon our 
strategic partners, visibly giving them private access to APIs that are mysteriously gated 
(n.b. Ads API, FBX, Buy Now) and secret roadmap guidance. But for an unmanaged 
developer, there is no effective forum to ask a question, no phone number to call, no IRC 
channel, no place to go. You can file a bug but it will get auto-triaged to closed because 
you’re a 1MAU app when you’re just getting started. You have to “get lucky” and happen 
to know someone who works at Facebook or gone to a rare event where you’ve actually 
gotten a chance to meet a Developer Advocate in person and gotten their contact info. (I 
was vigorously discouraged from carrying business cards when I joined - “people might 
actually email you!”). #3 It isn’t fun. Getting started with the APIs is a huge chore.... 
Unified Review is only going to increase this friction while Platform 3.0 reduces the utility 
of the APIs - the combination of which mean that Facebook integrations are going to be 
even less fun by the end of the year.” 

David Weekly https://www.linkedin.com/in/dweekly/ 

FB-00905314 - June 2013 Vernal to Hagman Purdy Federov Rudolph “I’m worried about our 
ability to truly remove friend data permissions and break marquee partners. Default 
assumption is we’ll have a whitelist of apps. I’d like to work down that whitelist over time 
so we can eventually be consistent overall. On 16, Hagman notes that 17% of the top 330 
apps with over 50k MAUs that use friend permissions are major brands / partners. 9% 
photo apps, 8% mobile platform integrations, 3% calendar bday, 7% dating, 7% horoscope, 63% 
other (gifts ecards news books music travel deals). 

FB-00905318 - June 2013 Removing friend permissions from Waze now that google bought it. 
Archibong to Osofsky Purdy Vernal: “Given Google’s purchase of Waze, Dhiren and I will hold 
off on our weekly conversations with them until we decide how we want to engage with them 
going forward. We’re pulling the data on their API usage now and will socialize it with this 
group by EOD.” Dhiren: “Waze is not whitelisted for too many things - they are on the 
deprecated requests whitelist, but that appears to be all (they don’t have Titan messaging, 
shielding from rate limits, etc.).” Some stats...45M API calls per day, 40M users total. Purdy: 

“So they call friends.get or other extended permissions? If so, we may want to consider ramping 
those back. We have been through this before with Slide, if memory services.” Archibong: 
“Correct. They call friends.get and other extended pennissions - e.g. Events”. Purdy: “Broadly, I 
think we should be consistent with other google apps that use platform. We need to be careful 
that there is no or limited press blowback if we decide to do something here.” Dhiren: “What do 
we mean about extended permissions in this context? Some of this stuff is of course available to 
any developer that is granted permission by the user, such as getting events, groups, etc.” Purdy: 
“we treat google apps differently than other developers.” Vernal says to maintain their access. 




FB-00906208 - June 2013 discussion of Amazon Platform Proposal for data sharing 
FB-00907024 June 2013 Vernal Lessin chat where Vernal preps Lessin for mtg 


FB-00908019 - June 2013 Zuck asking Vernal how many engineers required for platfonn and 
ads for a context tool (?) 


FB-00908514 - starting on 19 to 17 Daniels states that “the state of our partnerships with 
Amazon, Bing, Xbox, Sony and Comcast all point to me that partners are not seeing value in our 
current incarnation of platfonn.... On the OG portion of platform, I thi nk that developers are 
reasonable with their discomfort around two things: 1) data portability, 2) use of their data for ad 
targeting. Note that on #1, we aren’t consistent with our own policies as we require quarantining 
of contacts. On #2, we expressly prohibit any of our data being used in an ad network, but I think 
that a developer could target based on info we give them.. .we just don’t give deep data to 
anyone of enough size that it is useful for them so the situation is not analogous. I think we 
should consider dropping our requirement on data portability so that one developer 
doesn’t fear FB being a data passthrough to a competitor.” THIS IS THE 
CONSEQUENCE OF FULL RECIPROCITY. FB DOMINANCE. Vernal on 16: “I think 
we are mid-way through a painful transition. We gave away a bunch of stuff “for free” 
historically (data, distribution) and we’re now making you “pay” for it via reciprocal 
value. I think the confusing thing here is that we haven’t really announced these changes 
publicly/broadly yet...but we know they’re coming and so in long-term negotiations with 
key partners we’re trying to lock them in to the model that is going to be, rather than the 
model that currently exists. That makes these negotiations difficult, because they look at 
what the general platform is and think we’re giving them special negative treatment. This 
will be a lot easier when we broadly announce our policies (and once the implementation 
mechanisms, e.g. action importers, are seen as value-add rather than taxes).... For 
competitive services - unless we very narrowly define what this means, then no, I don’t 
think we can sign-up for this. E.g. I think we could sign-up to not hosting / selling music 
directly (where we were merchant of record) or selling video / video subscriptions (again, 
where we were merchant of record), but I’m certain we will be facilitating the sale of this 
content within the next 2-3 years in an affiliate and advertising-oriented way. If they view 
that as competitive...well, they’re right. We are going to be doing this in the next few 
years.” 


FB-00908900 - May 2013 Bing employee Ian Lin checks with Monica Walsh about doing 
image recognition on 285M images per day. Federov responds to Walsh that technically it’s 
not a problem but he has concerns about allowing them to do this. Vernal says: “We already 
support this feature, right? And Google+ does this. Are you saying that, in response to 
them asking for higher-res photos, we ask them to remove this feature instead? I don’t 
think that’ll fly.” Federov: “Do we already allow them to do face recognition on photos 
they get from us? “When they say “image recognition,” do they mean facial recognition? I 
agree we can’t let them do facial recognition?” 







FB-00909570 - June 2013 - Spotify whitelist removal discussion. Give Spotify special treatment 
and then take it away. Deezer and Pinterest are emailing complaining Spotify is able to push App 
to User notifications but they aren’t allowed. Archibong: “Some historic context: (1) Last year, 
this behavior was happening for a while across all our non-game/non-canvas partners until we 
tried to put the hammer down. (2) Spotify complained to Zuck; and at the point we thought 
we were going to build a solution for non games apps - so Zuck told them to wait for that 
solution. (3) We never built that solution, so they started publishing A2U notifs late last 
year which are now being regulated by our CTR thresholds. We’re now in the situation 
where Deezer and Pinterest have pinged us in the last 24hrs saying...”How come Spotify 
can do this, but we can’t? We’re going to build a canvas redirect too.... If we need time to 
make a decision on [enforcing against non-canvas non-game apps] then I think from a 
partnerships perspective its important that we don’t treat our top partners differently, and we 
need to let the Deezers and Pinterests of the world get away with building canvas apps just to use 
A2U notifs - even if it’s just temporal until we bring the hammer down. Let us kn ow if you 
disagree, otherwise we’ll signal to Pinterest and Deezer this weekend that we’ll be turning a 
blind eye to this behavior for now, but reserve the right to enforce real soon.” Seng Keat 
Teh: “We shouldn’t have whitelisted/given them this then in the first place. Thi sis just another 
thrash in a long line of thrashes we have given them.” Archibong: From my recollection, they’ve 
always kn own that we’d revisit this decision if/when necessary. Agreed that its never fun to 
thrash partners, but they know that one-off like this aren’t long term strategies for our 
integration/partnership. I’ll help with this conversation with Spotify.” 


FB-00913670 - May 2013 Vernal and Purdy discuss “Rolling out the New Platform Narrative”. 
Purdy expresses frustration that if Vernal has clear narrative he should just discuss with 
Marketing, PR, and that this is a waste of his time. 


FB -00915336 - Zuckerberg May 2012 email to Vernal, Lessin, Purdy others regarding Open 
Graph. “The third choice, and best interpretation of where we are now, is to make it [Open 
Graph] valuable for developers and somewhat valuable for users. This will work - at least 
for a period - but making it valuable for developers means giving them lots of distribution, 
which means they eventually are less reliant on us, and if user demand for the product isn’t 
particularly strong, then they will eventually try to and may succeed at weaning off.” 


FB-00915984 - growth dashboard from April 2013. Not legible. 


FB-00916452 - Vernal message to platform engineering team Apr 2013: “User Trust - now that 
we are close on GDP 3.0.. .we are exploring more ways to improve user trust. Exploring some 
ways to make logging-in feel different, lighter-weight.... Platform 3.0 - spinning this effort back 
up after pausing it for Ql. Key changes: introducing unified review, removing friend * 
permissions and data access, removing Facebook-replacement APIs (e.g. Newsfeed, Messages).” 
Shows that trust and platform 3.0 were two entirely different things in April 2013 


FB-00916653 - Schrage sends note to Purdy about http://andrewchen.co/why-developers-are- 
leaving-the-facebook-platform/ . And says; “Fyi-from a friend... .hanging out far too long at the 
top of hackemews (fyi - I agree with most of it. Working on the fb platform is pretty 
brutal).” 







Attitudes towards the Facebook platform have changed 

Recently, Bill Gurley of Benchmark wrote a great piece on how platfonn companies like 
Facebook, iOS, Android, eBay, and others manage the ecosystem around them. It’s an important 
essay and I’d recommend you all read it. I found myself nodding my head as Facebook was 
discussed. In recent conversations with fellow entrepreneurs in Silicon Valley, it’s become a 
common belief that Facebook has become an undesirable platform for a startup to build their 
company. 

Last month, I even heard one prominent VC even went so far as to say: 

If your audience comes primarily from Facebook, that’s just uninvestable. 

Ouch. 

That’s a big shift from just 3-4 years ago when everyone was building Facebook apps and deeply 
integrating it into their products. I remember visiting a floor of an incubator where the head guy 
proudly said, “Everyone on this floor is working on Facebook apps.” And everyone thought that 
there was going to be a new thing, the “social OS” that was going to be the next layer of the 
internet. 

So what happened? Why have developers soured on the Facebook platform? 

Multiple factors in this analysis 

The summary of the reasons why developers have increasingly left the Facebook platform for 
other platforms: 

• Lack of virality 

• Higher ad rates 

• Constant retooling 

• Competition 


The feed is finite 


• Mobile platforms are the new sexy opportunities 

This essay tries to elaborate on each of these reasons. Perhaps this will be educational for future 
platforms in how they work with developers, and hopefully Facebook will ultimately come to fix 
these issues. I don’t agree with all of these opinions, but in the spirit of comprehensiveness I’m 
going to document all the POVs I’ve heard. 

Lack of virality 

When the Facebook Platform first launched, it was the Wild West. You could do almost 
anything. I remember hearing that a lot iLike’s growth at the launch of the Facebook platform 
was because they figured out you could set up an invite screen with all your friends’ names pre¬ 
checked, and people would just click OK. It’d invite all of their friends, and the apps grew very 
fast. Turns out that sucks for UX, and it makes total sense for Facebook to turn that off, even if 
developers would rather have it there. Same with Zynga, and same with Viddy. 

But now that those channels have all been dialed down, mostly for very legitimate reasons, it’s 
hard for even app that’s a “good actor” in the ecosystem to achieve sustainable viral growth. 
Many of the channels that existed last year no longer exist today, and they were taken out 
without replacements. So now that the excitement has faded, we’re back to launching mobile 
apps on Techcrunch and hoping to ride the iOS charts- that still seems to work for some people, 
and developers have started focusing there. 

Higher ad rates 

One way to view acquisition on Facebook (and Google, for that matter) is that there’s a organic 
marketing channel (via feeds and search results, respectively) and a paid channel, that blends 
paid content into the organic stuff. Back a few years ago, there was a ton of undervalued ad 
inventory on Facebook and a lot of companies went nuts on both the organic and paid channels. 
This was because Facebook took the long view in building up their ad infrastructure, and let 
people bid it up over time rather than sticking AdSense on all their pages. Facebook does 
a trillion pageviews a month, so it turns out there was a lot of cheap ad inventory. A lot of 
developers and advertisers were able to buy a ton of traffic cheaply, and arbitrage it against their 
virtual goods or ecommerce businesses. 


That arbitrage began to fail as ad rates went up. And with decreased virality, the effective cost 
per customer also went up, because you were getting fewer “free” users as well. So now in 2013, 
that arbitrage is a lot harder to do profitably. In many ways, you can look at Zynga and Groupon 
as very successful one-time arbitrages on Facebook’s 1 trillion pageviews/month. They were 
able to buy 100M+ customers a few years back, but now that new user acquisition is much 
harder, they have to look elsewhere. 

Constant retooling 

I’ve heard the joke that the “Developer Love” email is scariest email you can get from Facebook, 
because it’s the one that tells you that your app needs to be substantially updated for a new set of 
APIs. Facebook has an amazing engineering culture driven by “Move fast and break things” but 
that means some of those things are often their developer partners’ apps. And you need to move 
as fast as Facebook to keep up. Just look at the Developer Changes page to see how often new 
things are released. 

Part of this retooling means that there’s a maintenance tax on whatever app has been created on 
the platform, since you have to pull your prized engineers off their projects to do constant 
maintenance and reintegration into the new viral channels. That’s just to keep up. It also means 
that what works today may not work tomorrow. If you are making important decisions on 
staffing, business models, financing, then a lot of uncertainty is introduced because your business 
might get disrupted by platform changes happening in a few months. 

Competition 

It also turns out that at least for some categories of services, Facebook actually thinks about the 
competitive aspects of their product and it’s not just a completely open platform. If you talk with 
folks who are working on messaging or photos or even walkie-talkie apps, you’ll hear stories 
about how apps have been shut down. Turns out, especially because so many folks are working 
on mobile these days, that a lot of overlap gets created. I’ve even heard that Facebook isn’t 
letting some messaging apps buy advertising on their platform - not just turning off the APIs, but 
actually refusing to accept money for ads. Pretty interesting stuff. 


The feed is finite 

Many of the distribution issues on Facebook have to do with the fact that the feed is finite. A 
person will only look at the first 10 or 20 stories on any given visit, and anything you put into 
that grouping takes something out. This leads to all sorts of problems, because as users spend 
more time with Facebook, all sorts of new activity increases: 

• They “like” more pages 

• They add more friends 

• They “subscribe” to more celebrities 

• They try more apps 

• They sign into more apps with Facebook 

All of this means that there’s more potential things their newsfeed algorithm needs to sort out. 
Not only are there more actions people are taking, but there’s more advertisers buying “likes” 
and app installs. You end up competing with everyone else for a spot on the feed, and it’s a zero- 
sum game, as Michael Dearing pointed out to me on Twitter. All of this leads to the marketing 
channel getting saturated, which I’ve written about in my essay Law of Shitty Clickthroughs, and 
makes the channel less attractive as time goes on. 

Mobile platforms are the new sexy opportunities 

And finally, the very obvious thing is that developer attention has shifted over to mobile because 
that’s where the new successes live now. You might have read, for example, of Supercell’s 
recent $130M raise valuing the company at $770M. When’s the last time we heard about that for 
a Facebook app? And how many investors are willing to fund “Facebook apps” now? In my 
conversations with people, there’s still a lot of perceived opportunity in mobile, and people feel 
like there’s enough stability. 

What’s next for the Facebook Platform? 

The Facebook Platform has been an amazing success, in a lot of ways. No other company, with 
maybe the exception of Google, has given away so much free traffic to developers while asking 
for very little in return. So let’s not all be whiners here. Years after the platfonn launch, a lot 
has evolved, and as a community we’ve all learned a lot. One of those lessons: What makes 
developers happy and what makes for a great UX are very different things. Same with what 
makes Facebook a good business, rather than a platform for developers to suck out users. 


Can Facebook regain the excitement around the platform that they had years ago? I think the 
answer is yes, but I think they have to figure out what kinds of apps they want build up on their 
platform, and really make those partners successful. Show us the existence proof that you can 
build something big and sustainable on there. Microsoft was an incredible platfonn because it 
spawned multiple public companies that built upon them - regardless of the fact they’d chase 
you down once you proved there was a billion dollar opportunity :) I think if the developer and 
startup community starts hearing about big successes on Facebook again, people will try it out. 
But in the meantime, the attention has shifted to where big opportunities are now, and that’s iOS 
and Android. 


FB-00917684 - Platform 3.0 summary doc from April 2013 (Purdy sends in an email to Vernal 
FB-00917682). Says that they will announce the changes in late June and they will go live in 
early October 2013. “We are removing a few data fields that are used primarily to recreate the 
Facebook experience. Specifically, the ability to request permission to read data from a user’s 
stream, notifications, and inbox will only be available as part of a whitelist to select partners.... 
Separately, people can continue to share their Facebook friend connections, but only for those 
friends who are already using the app. This way, people can tell an app that they are friends with 
someone using the app, but not share their entire friend list. This better meets peoples’ 
expectations on how their information is shared. For example, people shouldn’t have to share 
their friends’ likes and interests with an app because the app would already have that information 
from when their friend chose to connect to the app. For developers that utilized friend 
information for invitations and recommendations, we are introducing new APIs (Suggested 
Friends API and Recommendations API) that you may use to power these scenarios.... “As 
we’ve said, we are committed to ensuring our platform is used to create rich social apps, not as a 
data export tool, or as a way to build products that replicate our functionality.... For example, a 
photo editing app can request access to a user’s photos, but must also make it easy for a user to 
share photos back to Facebook. Further, if an app accesses the user’s friend list, they must also 
make an option prominently available for users to publish the social actions they take in the app 
back to Facebook. In order to help developers comply with this policy, we are introducing a new 
API, Action Importers.” 


|B -00917791 - April 2013 Purdy’s reaction to full reciprocity. “We agreed to let all apps use 
(basic) login and sharing (including messenger sharing now) without reciprocity, correct? 

Rhetorical.,.. If that is the case, why would any mobile social app implement full 
reciprocity? They don’t need the friends graph (or app friends) as it is on the phone. They 
get the organic distribution from newsfeed. Invites are from messages. Why would they 
take the cost of implementing full reciprocity? What is the upside? Why not just take that 
money and buy Neko ads? What is the killer growth/product scenario for app friends? 3. 
Another question, are we going to require canvas game developers to publish back all the “social 
actions” they generate for a user if they read the friends graph? Or does the use of payments 





mean they don’t need to do so?” SHOWS FULL RECIPROCITY IS REALLY JUST 
EUPHEMISM FOR SHUTTING DOWN DEVELOPER ACCESS. DIG UP FB LETTER 
SAYING THAT EXECS NEVER USED THE TERM RECIPROCITY. 


FB-00917804 - Apr 2013 Vernal Purdy trying to remember the full reciprocity discussion from 
2012. Purdy sends summary of app review guidelines. “Principles. The fundamental principle 
that governs Platform usage is a simple concept: reciprocity. Reciprocity involves a 
equalible value exchange between a 3 rd party developer and Facebook. This value exchange 
involves one of the following from developers: high-quality experiences that FB users can 
use to tell great stories to their friends and family on FB and/or monetary value in the form 
of revenue sharing or direct payment. In return, Facebook offers a developers access to our 
Platform. When considering the implications of reciprocity it is important to note that a 
second order principle quickly emerges: competitive access. There are a small number of 
developers whom no amount of sharing to FB or monetary value can justify giving them 
access to Platform. These developers do not want to participate in the ecosystem we have 
created, but rather build their own ecosystem at the expense of our users, other developers, 
and, of course, us. That is something that we will not allow.... Strategic competitors: we 
maintain a small list of strategic competitors that Mark personally reviewed. Apps 
produced by these companies on this list are subject to a number of restrictions outlined 
below. Any usage beyond that specified is not permitted without Mark level sign-off.” 
RECIPROCITY IS ABOUT ADDRESSING COMPETITIVE THREATS. Vernal responds: 
“As the inventor of reciprocity, I think the vision I had for this has gotten distorted a little 
bit... The world I (strongly) don’t want to be in is the “if you want to use our APIs, you 
have to publish data back to us (even if it doesn’t make sense for your app).... “Social 
reciprocity” is what we called “total reciprocity” in our conversations w/ Mark.” BUT 
THIS IS THE WORLD ZUCKERBERG WANTED FROM FULL RECIPROCITY. DIFF 
BETWEEN VERNAL AND ZUCK? 

FB-00917850 - Bickert shares enforcements of sexually themed apps and other crappy apps in 
April 2013. Vernal responds: “I saw some folks complain about Tinder. I know a bunch of 
people who think this app is really interesting / could be big, so before we decide to take 
any enforcement action against them, can you let me know?” 

FB-00918786 - April 2013 Rose Yao asking Mark for feedback on testing to get more photos 
engagement, notes that “we’re still down 2.5% on snowlift views and 1.5% on tagging 
sitewide.... One thing the photo team suggested testing is putting the Photos box above the 
About and Friends box.” Zuckerberg: “Hmm, I don’t think we should put photos at the very top, 
but it might be reasonable to consider putting it above friends.” USE TO SHOW THEY ARE 
TRACKING PHOTO METRICS AND SO RESPONSE TO REQUEST 78 (?) IS A LIE. 

FB-00919147 - Bickert takes on role of head of policy enforcement April 2013. 

FB-00920693 - Dave Wehner (now CFO, then VP Finance) March 2013 sends note to Rose, 
Ryan, Heaton about making an acquisition to beef up neko. “In addition, purely viewing this as a 
supply/demand business makes us less likely to be abel to strategically “lock in” developers to 
our API. We would also have the benefit of providing a combined FB/Chartboost API that would 










provide developers with access to both social features and monetization via ads” (93). Gokul: 
“The primary reason would be to get a bigger % of developer budgets.” (91) 


FB-00920874 - Apple discussion March 2013. Align with OG, Use collections to offer purchases 
of media through itunes. 


FB -00921237 - March 2013 Vernal Osofsky chat. Vernal says meeting went poorly because they 
all have different views on reciprocity and competitive concerns. They need to get on same page 
before “just asking Mark to make another subjective call, which is an inefficient use of time 
and leads to us seeming capricious.” Osofsky: “We are close to an overall framework and 
enforcement approach that everyone is aligned with including Mark (except potentially for 
Sam).... When we launch Unified Review, our focus will shift from reactive policy enforcement 
to reviewing apps before they go live and providing upfront permission around the APIs that 
they access. The general approach is: -Apps that deliver little/no value to FB can only access 
login and post to FB. -All other apps are eligible to access our APIs, but must deliver 
reciprocal value (data or money). This includes complementary social networks (e.g., 
Nextdoor) and potentially competitive future use cases (e.g., Refresh.io). We will likely 
grandfather in a small number of apps (such as Path and Flipboard) which we will treat 
differently from other similar apps. We should not let these decisions impact the overall 
framework, but just acknowledge them as exceptions.” Vernal: “I don’t think we 100% agree on 
this framework. My framework is a little different. In “evaluation order,” my principles are this: - 
Competitive products: You cannot build a product that replicates core Facebook 
functionality without our prior approval. At present time, core Facebook functionality 
includes News Feed, Timeline, Social Search, Messaging, Ads/Ad Networks and Payments. 
We reserve the right to add more products to “core functionality” over time.” (37) 
“Reciprocity: if you do enable users to import their data or their social graph into your app, you 
must allow the user to share their activity back to Facebook. This option must be prominently 
featured in your app. At our request, you must also implement the Action Importer Spec to 
enable users to turn-on this functionality from Facebook itself. Games: Our current desktop rules 
(30% on canvas, no cross-promotion off of canvas). On mobile, still TBD. To me, these two 
principles cover the high-level story. Within the “competitive products” clause, we might have 
sub-rules, e.g., we might decide that we enable competitive payment products in exchange for 
transaction data + rev share, but I don’t think that’s a general platform policy - that’s something 
specific to the payments use case. I thi nk having specific frameworks for specific use cases 
(payments, ad networks, news feed, etc.) is probably reasonable, but I think will always be 
somewhat one-off/negotiated rather than part of our general platform policies. In this framework, 
I think Path falls under our competitive network clause and we should decide whether to allow 
them based on our principles around messaging, news feed, profile, etc. and other factors. In this 
framework, I think Nextdoor does not fall under the competitive network clause and so is just 
subject to reciprocity. I think the key difference is around “apps that deliver little/no value 
to FB.” I don’t want to be in a world where we’re only approving apps that contribute 
some minimum amount of data to us.” I think we want to be in a world where we are 
enabling social apps in the world, as long as they don’t undermine our business (which is a 
subtle but important distinction). Osofsky: “1. Competitive products vs. Reciprocity. I would 
more clearly delineate between Competitive Products and Reciprocity. Specifically, I’d have a 
narrower definition than the above list of Competitive Products because it blends two concepts: 





(a) products which we will not allow to access our APIs because they replicate core 
functionality (i.e., messengers, search) and (b) products which we will allow to access our 
APIs if there is the right value exchange under the reciprocity principles (e.g., payments 
partners). This distinction is important. I think that our list of categories in (a) should be defined 
narrowly. Most apps - such as Nextdoor - will fall into (b) and we just need to ensure that we 
can address them under reciprocity principles. 2. Option value. I also think we need to discuss 
whether we are comfortable with allowing a set of apps - such as Path and Flipboard - to 
access APIs for the option value. These tend to be the least satisfying parts of the 
discussions with Mark because they are challenging to reconcile under an overarching 
framework. It might be more pragmatic to have a named list of apps which we recognize 
don’t perfectly fit.” Vernal: “I’m not sure I agree on the split for (1). I think there will be 
messenger apps where we’d let them use our graph in exchange for something else. Same 
with News Feed (e.g. Flipboard). So I just think there’s not that clear a line there. For (2), 
similarly, I think there are apps we’ll work with because we want them to like us to 
preserve ability to acquire in the future.” (38). “Net, I think if you’re replicating core 
functionality, you’re just going to have to have a deal with us, and so that set will be pretty 
limited. I think we’ll try to make all the folks in a category look alike (all the payments 
stuff look similar, etc.), but it’s still going to come down to some framework for value 
exchange around payments, or messaging, or something else.” WHOSE FRAMEWORK 
ENDED UP WINNING THIS DEBATE? WHAT WAS SAM’S VIEW? 


-00921658 - March 2013 Matt Wyndowe sends Olivan an invitation to download 
MessageMe, noting it’s the number 1 app in the app store so he wanted to check it out since the 
blogosphere is going crazy over it. Olivan writes: “They are using connect to get your 
friendlist. @Vernal - who enforces the policy here?” (58) Osofsky replies, copying Bickert: 
“Monika, who leads platform policy enforcement, is on it. In the first week after launch, 
MessageMe actually didn’t make any friends.get calls. However, MessageMe is now up to 
~350k MAU and made 333k friends calls last week. We will restrict their access to 
friends.get shortly. In terms of next steps, Monika is working with Mike Nowak to see if 
there are any other messenger apps which have hit the growth team’s radar recently. If so, 
we’d like to restrict them at the same time to group this into one press cycle. As context, 
platform is in a tough broader press cycle right now around how we engage the developer 
ecosystem (there was a Reuters piece earlier this week and we expect a negative WSJ piece 
shortly). We anticipate that Arjun will go to the press given the history with LOLapps, and likely 
will also need to chat with Chamath given that MessageMe was developed when Arjun was an 
EIR for Chamath. Monika is coordinating with Swain on how best to handle this from a PR 
perspective.” 


FB -00921983 - March 2013 Purdy, Vernal, Osofsky, Rose agree that Marie Hagman will be the 
new PM for P3.0. Purdy says that Justin needs to drive the messaging personally “as this is 
sensitive”. Osofsky writes: “In terms of the roadmap, I’ll ensure that we also include the policy 
and ops changes which will play an important role in the overall dev reaction. For instance, as 
we launch Unified Review, the narrative will focus on quality and the user experience 
which will potentially provide a good umbrella to fold in some of the API deprecations and 
canvas redirect enforcement.” Does Mr. Osofsky say that the public narrative will fold the 
API deprecations into the Unified Review narrative about user experience? Purdy: “Re: 








your last point, agreed.... I was referring to the deprecation part of Platform 3 - unified 
review is just another product feature to improve quality, not the “preotect the 
business/model/data” that the API changes represent.” Does Purdy agree with folding the 
API deprecations into the Unified Review story? Does Purdy say that Unified Review is just 
another product feature about quality whereas the API deprecations are about protecting 
Facebook’s data and business interests? 


FB -00922002 - March 2013 Zuckerberg asks Purdy, Vernal: “What is the status of removing 
li nk s to non-canvas apps from our mobile nav? We’ve been talking about this for months so I 
wnt to make sure we’re going to do this soon.” (03) Purdy: “Based on the traffic impact this is 
going to have for folks, we are planning on announcing next week, but then give developers time 
to assess the impact and make whatever changes they can to offset the loss. We are trying to be 
really thoughtful and measured about removing social channels as this is one of the biggest 
factors in how developers view us overall.” (03) 10 days later, Zuckerberg: “Did this happen?” 
Purdy: “This Wednesday is the announcement.” Zuckerberg: “And when will this be rolled out?” 
Purdy: “We are going to give devs time to react. Current plan is 90 days before it is turned on, 
but if you really want these gone ASAP, we can do it, but there will be huge blowback from 
Devs (our breaking change policy is a big success with them and when we violate it, they tend to 
go nuts). Also, we are in the middle of a negative press cycle about changes we make that take 
away distribution and not offering 90 days will play more into that.” “Okay, as long as we end up 
actually going through with this in 90 days.” Purdy: “Consider it done (albeit likely longer than 
you wanted).” 


FB-00922105 - March 2013 Swain sends around Reuters article about “app makers face a 
treacherous path” by Gerry Shih focusing on Viddy and Branchout. 


FB-00923124 - March 2013 outline of an all hands presentation showing transition from FB 
platform in 2007 to neko platfonn and unified review. Where is this presentation?*** 


FB-00923385 - march 2013 all hands meeting on future of platform as people are starting to ask 
if they even have a strategy at all with developers. 


FB-00923925 - February 2013 Vernal and Rose share data showing that focusing on neko is 
much better for FB’s business than to try to take rev share from mobile games. Many more times 
lucrative ($0.13 cents per install on game rev share versus $2.20 cost per impression in neko) 
(29). Then Rose and Vernal discuss developer consistency versus maximizing revenue. Vernal 
says need developer consistency. Rose says opposite. “The issue we need to resolve is what 
happens if we can’t achieve consistency without hurting canvas revenue?... I think the only 
solution in these situations where we have this tension - assuming you and I can’t resolve it 
between us - is to escalate to Mark to make the call. I don’t think it’s bad to escalate these issues 
to mark, and I wouldn’t want the teams to feel like it’s a bad thing. Mark criticized us recently 
for not escalating more aggressively.... GDP is a legitimate tension where we may have to make 
a tradeoff between consistency and revenue.” 





FB-00925317 - Feb 2013 Vernal, Liu, Purdy others discuss building Neko and share a list of 
target companies by vertical ranked out of 5 stars with 5 meaning the most potential spend. 
Where is this spreadsheet that Mike Fox says is attached?*** 


FB-00926250 - Feb 2013 Sandberg responds to email from Marissa Mayer regarding launch of 
Yahoo redesign that relies on FB readstream permission. Rose writes to Purdy and Vernal (51): 

“We’re revisiting this API and use case. In the meantime, we continue to run into situations 
like this that technically comply with our current approach but will potentially conflict 
with our future approach. Mike/Doug -1 know we decided to postpone “platform 3.0” 
until 2H, but it feels like we need to move more quickly. Agree?” Purdy: “We are putting 
together a plan to deprecate now. Will be this semester.” Rose: “I’m worried that we are 
executing platform 3.0 via piecemeal changes (notifications, bookmarks, API deprecation, 
etc). I think we should clarify our strategy so that people understand how all of these 
changes fit together. My suggestion is that we communicate this internally first via a 
platform all-hands, then communicate externally to developers. The sooner we do this, the 
less thrash we will cause for partners.” Vernal responds and then Rose writes back on 50: “I 
don’t think this is something we should do over email.” 


FB-00927553 - Feb 2013 Vernal chat to Purdy: “When we started Facebook Platform, we 
were small and wanted to make sure we were an essential part of the fabric of the Internet. 
We ’ve done that - we’re now the biggest service on earth. When we were small, apps 
helped drive our ubiquity. Now that we are big, (many) apps are looking to siphon off oui 
users to competitive services. We need to be more thoughtful about what integrations we 
allow and we need to make sure that we have sustainable, long-term value exchanges.” (53) 
THIS IS 643’S ARGUMENT! Vernal then says a bunch of stuff about rebuilding user trust. 
“Money. On Canvas, we naturally participated in the success of our developers. On Mobile, we 
need to work for it. We’re focused on three efforts here.” One of them is Neko. Purdy: “I knew 
you were going to say that. I think this focus on the user is one of the issues actually. I know that 
is your hook, but it doesn’t work for lots of folks that want to build developer products.... We 
aren’t solving real developer problems. All the things you heard today.... I think this is a 
conversation worth having in person. I have been talking with lots and lots of people.” (54) Also 
notes that Mark doesn’t know why they think it’s a bad idea to buy Parse. 


FB-00927744 - discussion of shutting down bang with friends. 


FB-00934261 - (62-63) Jan 2013 Matt Mahan, Causes, emails Lessin, Vernal, Archibong. “The 
summary here is that the planned change on Feb 7 will irreparably damage our 
company.... Having just acquired Votizen, we are in a position to pass structured data back to 
you (in the form of resolves, political affiliations, influence, etc) at a volume and quality that we 
have never been able to.. .We are the perfect partner to work closely with as you launch 
platform 3.0. we have always been early adopters and promoted of new FB initiatives, and 
would be one of the few non-game partners who could test innovative promotion channels. 
We also have the ability to be a significant revenue generating partner in the future.” On a 
separate thread (61), Vernal, Archibong, Purdy, Osofsky ask how Mahan knows the term 
“platform 3.0” and seem confused. Osofsky writes (61): “Ime, please make sure that no one on 















the partnerships team is using that phrase outside of FB.” Purdy: “I am fine extending the 
deadline to help them, but I don’t want to extend it for the whole ecosystem as that is the 
wrong choice for users.” DID FB EXTEND DEADLINE FOR CAUSES? NOTE THE 
BOTTOM TWO PARAGRAPHS OF MAHAN’S EMAIL WERE COPY AND PASTED. 
HOW DO YOU THINK MAHAN FOUND OUT ABOUT 3.0? DID YOU KNOW LESSIN 
AND MAHAN WERE FRIENDS IN COLLEGE AND REMAINED FRIENDS 
AFTERWARDS? IS IT POSSIBLE LESSIN TOLD HIM THAT? DID LESSIN 
INTRODUCE YOU TO MAHAN? HOW DID MAHAN GET YOUR EMAIL? ETC. 
Vernal emails Sam in FB-01201185 “I got this”. Lessin driving this? 


FB-00934373 - January 24, 2013 Rose, Vernal, Osofsky, Zuck, Systrom, Purdy, Rose string. 
Osofsky: “Twitter launched Vine today which lets you shoot multiple short video segments to 
make one single, 6-second video. As part of their NUX, you can find friends via FB. Unless 
anyone raises objections, we will shut down their friends API access today. We’ve prepared 
reactive PR, and I will let Jana kn ow our decision.” Zuckerberg: “Yup, go for it.” ZUCK 
SHUTS DOWN TWITTER ACCESS. 


FB-00934457 - (75) October 2012 lists the top spenders in the first Neko test, total of $70k 
revenue. Zoosk and mostly casino games. 

FB-00935792 - Jan 2013 Lessin “The nekko growth is just freaking awesome. Completely 
exceeding my expectation re what is possible re ramping up paid products.” 


FB-00943098 - Purdy Federov Vernal Dec 2012 discussing change to read/write breaking 
change that broke Flipboard and Foursquare. Purdy wants to get them “unfucked” today. 


FB-00943406 - Dec 2012 Andrew Bosworth (Boz) on FBX. “3. Platform advantage. Our 
developer ecosystem could be leveraged to fortify both inventory (with an ad network) and 
data (with Neko or equivalent install focused product). While we have an advantage today 
it is relatively latent as those products aren’t real or being developed.” 


FB-00943408 - Vernal, Williams, Lessin Dec 2012. Lessin (10) asking how they feel about 
Foursquare’s recommendations from facebook friends, saying “It doesn’t jibe with platform 3.0 
- wondering how we feel in the meantime practically...” Vernal: “Given Mark’s feedback, I 
think we will likely not move on Platform 3.0 stuff in the next six months. If we’re unhappy 
with this [foursquare^ I think we should deal with it as a one-off this time around.” Why did 
Mark give this feedback. 


FB-00943818 - chart showing that mobile DAUs will be higher than desktop DAUs starting Dec 
22,2013. 


FB-00943845 - Dec 2012Wolff to Vernal about addressing use case of “privacy as a service” 
without introducing step of rewriting all privacy logic. 


FB-00943916 - Dec 18 2012 Vernal and Zuckerberg chat. Zuckerberg: “I think our platform 
has become a less important force in the world over this past year, not a more important 











one. A lot of this is because of the shift to mobile and things outside of your team’s control, 
but I don’t think all of it is. I have a hard time reconciling these things, and that’s why I 
have been pushing for us to focus on our core a lot more.” Vernal: “My more fundamental 
concern here is the communication disconnect -1 both feel out of the loop on some of our 
top-line decision-making, and I feel like the work we’re doing isn’t always accurately 
represented.... The thing I have trouble reconciling is this - up until very recently (past 
couple of weeks), I had never felt better about our strategy from a platform perspective.... 
As we think about next year, one concern I have is that we over-index on data acquisition 
at the expense of our relationship with developers. We have spent so much time rebuilding 
our relationship with them that letting it drop now would, in my opinion, just be such a 
missed opportunity. What I would want to do here is ask these teams to continue focus on 
creating a solid platform for mobile apps, but to prioritize work based on it getting 
structured data into the system, rather than say that their job is now data acquisition 
instead of developers.... On the personal side, to be frank, I think this is a hard role to be in 
and not be in the more frequent meetings you have with your directs.... I like Sam and 
think he’s really talented, but I don’t think he represents it well. Sam + I disagree on more 
strategic points re: platform than we agree on. I find Sam’s skepticism really useful to keep 
us intellectually honest and on the right path, but I don’t think that makes him the best 
advocate for this stuff. I’m not asking you to change reporting structure, but I do think for 
Open Graph it would be easier if one of the following things were true: - I was in the same 
forums as Schrep, Chris, Sam, Cory, etc. so I could more accurately capture what we’re 
doing and why we’re doing it - We were held to a metric (like growth) but had greater 
autonomy with how we did stuff. To be clear, a lot of this is on me, too - because we spent 
so much time talking about Platform Business Model, and specifically the read-side of the 
platform, I let our weekly times get overcrowded by that topic.” 

FB-00944326 - vernal jolley purdy federov dec 2012 - giving Samsung ability to to lookup 
phone number to show profile photo in dialer experience even if not fb friend. 

FB-00945466 - Dec 2012 Instagram helping to test friends coefficient api as a possible 
replacement for friends list. 

FB-00947000 - Dec 2012 mobile game distribution strategy presentation 


FB-00947788 - Nov 25 2012 preparing P3.0 presentation for Mark - Vernal, Jolley. Charge for 
platform, no friends data, reciprocity, tighten policies for competitive networks. 


■ -00947909 - Vernal, Osofsky, Olivan, Lessin, Purdy, Rose November 2012 - shutting down 
Rang.com, shows that without non-app friends apps can’t compete. They all admit it. Further 
admit Amazon gets exception if they can work out larger deal. Lessin: “Just came across this 
startup (https://rang.eom/l incidentally that my cousin’s long-time boyfriend started.... It is super 
unclear to me why this is good for us / why we should be allowing this. What terms are they 
violating? And how are we going to signal in the future that this is not ok (and, incidentally, can 
someone reach out to them and tell them to stop it?)” Purdy: “The concept itself is not violating 
any existing policy that I see. In the new model, they wouldn’t be able to get all the 
friendshave to share back all social actions the user.... We could say they were a 






competitive social network, however or if they got big enough, invoke the size clause. 
Personally, I think the new model helps a great deal here, but the app could still exist, but 
with better value exchange for us - today we get nothing and lose a lot.” Lessin: “Just so I 
understand - what do we get in the new model of value in your mind?” Vernal: “Wouldn’t lack 
of friends’ birthdays effectively kill this app? And if they could some how build a social graph 
and encourage gifting, they would have to publish the gift actions back to us.” Purdy: “Exactly”. 
Vernal: “Lastly, per Doug, I thi nk the “competitive” policies should crib from Apple’s policies. 
We should say you can’t duplicate core functionality of Facebook without a deal. I think a 
gifting app is clearly duplicating core functionality.” (09). Vernal: “Justin - can we compare 
our competitive network policy to apple’s duplicate functionality policy and see if we can 
have a similar one?” Purdy: “We should change the competitive network language.” 
Osofsky: “Mike: Sure. I’ll take a look this weekend.” Lessin: “Ok - I hear that if we are going to 
have a policy about dupe functionality.. .Just short of that I can’t see reciprocity of who gave 
whom gifts being compelling.” Purdy: “I like that better than saying competitive network in the 
current policy. It provides a clear acid test.” Vernal: “Isn’t this moot? This app can’t get off 
the ground without friend birthdays. I have zero anxiety about this app in the platform 3.0 
world.” Purdy: “Me either. They could buy ads to bootstrap, but the NUX would be terrible 
if your friends weren’t already there.” Lessin: “Ah - duh- good point - I forgot we were 
taking away all friend info, including bdays.” Purdy: “They can still get app friends, but 
they have a clear bootstrapping problem. I think the app pivots again.” Vernal: “Amazon is 
a different story because they have scale. We just need to negotiate an overall fb / amazon 
relationship that would cover this.” 


FB -00948130 - Nov 2012 Jolley, Vernal, Yao, Purdy, Federov beginnings of reciprocity 
definition, Facebook can crawl and bulk import any company’s data t hat accesses Facebook 
Platform. From a 1-pager prepared by Rose Yao defining reciprocity: 







FB-00948764 - Nov 2012 Vernal chat to Zuckerberg. “Mark - We didn’t get to meet this 
week...I wanted to check whether you’d prefer discuss any of these meetings via Messenger in 
the interim. Some of the topics that are queued up: Platform 3.0.... And, obviously there is the 
PBM conversation which comes down to deciding between: free friends, paid coeff and 
total reciprocity for all; free friends, paid coeff, categorical reciprocity for all, and total 
reciprocity for big guys / competitors; paid friends, categorical reciprocity for all, total 
reciprocity for big guys / competitors. I think the ball is in your court on this one, but let 
me know if you need any more data from us.” 


FB-00949066 - Novl5 2012VemaltoPurdyJolleyFederovV|Dowehaveadoc^lanstarted 

foiM%tfom^0Bk stems like: v,eVe yoisiy hi fate just n major svt of changes (hat we're 
going io want to amnmuee soon - and it seems like we should probably be bundling all these 
changes together, giving it a name, and letting developers know that this is the next iteration of 
platform. Things that fall into this category: -Deprecating a ton of APIs - Introducing the Paid 
Developer Program - Introducing any API charging we end up doing - Explaining we’ll review 
all apps going forward - Deprecating stream.publish + fully embracing OG....Do we have 
enough clarity w/ Mark to start this process?” DID FB ANNOUNCE THESE CHANGES 
SOONISH? 


FB-00954660 - Zuckerberg, Vernal, Rose, Osofsky, Lessin, Sandberg, Purdy Oct 26 2012 chat. 
Zuckerberg suggests asking top 100 non-canvas developers how much more valuable or engaged 
FB-connected users are than non-connected users in an attempt to find a consistent rate to charge 
developers for data access. Lessin thinks it is unlikely they will find consistency. Zuckerberg 
thinks that they can’t find consistency overall but could find it for different app categories. 
Zuckerberg suggests doing deals with developers to start finding out what a public rate might 
look like through that process. Lessin: “I am very in favor of deals, I am extremely skeptical that 
we will be able to extend from deals to a generic answer just as I would argue that with payments 
we ended up in a local maxima for games, but missed / are missing the larger frame.” (61) 
Zuckerberg: “I’m not suggesting we have one rate for everyo ne. I’m suggesting we have 
different revenue shares for different categories.” (61) Rose: 









PLATFORM COMMITMENT. 


FB-00954676 - Oct 25 2012 Zuckerberg proposed to Vernal, Lessin, Osofsky, Purdy, Rose: 

“The idea here is that in order to get developers into a progressive tax scheme, we just mandate a 
rev share by vertical.” Vernal questions whether this will work since FB is a service not a 100% 
owner of identity data. Zuck wants a share of revenue from all future FB-connected users. Very 
difficult to implement, audit and enforce. Vernal thinks that’s a loss leader and should focus on 
premium read services, app install ads, ad network. Vernal references “Dan’s suggestion on 
Monday, which is to try to strike deals with the top 100 partners as determined by size, instead of 
rolling out some broad/public tax.” (78). Zuckerberg disagrees that FB needs to control the 
environment to be able to tax. 


FB-00963936 - on 37, sept 2012 Olivan writes to Vernal, Lessin, Purdy, Cox about SmartSynch: 



■ -00968688 - Sept 2012 discussion of modeling out revenues for charging developers API 
access. On 92, Vernal writes to Lessin, Osofsky, Liu, Wyndowe, Jolley, Purdy. “Slide 3.1 think 
the “we are enabling competitors” might be too subtle. The real issue here is this - we don’t 
have a set of rules where we are really comfortable with folks like Path, Pinterest, and 
others integrating with us. One of the things we’ve talked about is a principle of 
reciprocity. I’m actually pretty excited about that model.. .we’ll let them access some of our 
data, as long as they provide endpoints that let us access + import their data, too... .I’d love to 
somehow frame up in this deck that (a) we allow competitors to leach info out of the graph 
today, which makes us uncomfortable, and (b) our solution is a combination of restricting 





what data you can read and requiring reciprocity (key developers have to expose 
APIs/access to their data so we can import it). At the very least I’d like to have a 
conversation about this because I think the “enabling competitors” is one of the two biggest 
issues (the other is monetization) and it’s a little buried right now. Slide 4. Annual Developer 
Program - one of the things we don’t really price into this model is a question as to whether we 
need to raise our service levels to credibly charge for our platform. E.g., I think we put 
developers through a lot of shit today, but it’s somewhat defensible that it’s a “free 
platform” (even though people are building multi-$100M businesses on it).” Purdy: 
“completely agree on the enabling competitors - we aren’t making any money - and worst 
we are helping others make money at our expense. Would be great to call out.” Deck they 
were working on is at FB-00969530 Facebook Mobile Platfonn, shows developer dashboards to 
track apps through Facebook Developers site. 


FB-00979686 - July 2012 Purdy Fessin Vernal prepare 1H goals against actuals. Shows 
underperforming heavily relative to developer goals. (86). Fessin writes: Privacy, the Bad: didn’t 
make as much progress as anyone wanted.. .team was/is under-staffed.” (88) 


D -00984921 - June 2012 Vernal Purdy Fiu “Project Neko and Ads Relationship”. Graphic on 
23 shows Platform Team and Ads Team and then venn diagram overlaps them with “Project 
Neko - Mobile developer app installs” (23). Fiu writes on 21: “Project Neko is firing on all 
cylinders, and we have figured out exactly what we need to do to be competitive in this space.” 


FB-00986079 - Vernal May 2012 note to Purdy Osofsky others: “We’re going to pursue both (a) 
having the partners build the best OG implementation possible and (b) building our own “hacky” 
scraper ourselves, in parallel. We already have a bunch of hacky scrapers, and we’ll add in the 
missing ones. We’ll prioritize this by the size of the partner (so Twitter first, then Instagram, 
etc.)....In parallel, we’re spinning up the effort to have a reliable backend for crawling all these 


sites ourselves.” DO YOU WRITE IN THIS EMAIL THAT FB IS GOING TO BUILD A 
SCRAPER TO PULL DATA DIRECTLY FROM TWITTER AND INSTAGRAM’S 
PUBLIC FACING WEBSITES? 


FB-00986210 - Partner Update May 2012 Selekman to Zuckerberg, Beard, Vernal, Lessin, 
Osofsky, Rose and others. Shows impact to partners of changes to stream/newsfeed API. Shows 
social cam down. Viddy down over 20% week over week due to removal of play button etc. 


FB-00986265 - May 22, 2012 Vernal note to Federov - “We don’t have a platform business 
model on mobile yet.... More broadly, we don’t have any business model on mobile yet, 
and that’s a big issue. We think it has to be advertising-based, but we haven’t figured it out 

yet. For a long time, the ultimate business model for platform is projected to be sponsored stories 
based on Open Graph content. This should work on both desktop + mobile. The biggest / most 
efficient market segment for advertising on mobile today is driving app installs. This is at 
least partly because it’s the most measurable - if you kn ow that you get $0.70 from every game 
you sell, then in theory you can afford to pay up to $0.69/install. This kind of measurability 
allows for maximal bidding. So, what we’re trying to do is kickstart our sponsored stories 
business on mobile by focusing on one particular type of story (is-playing stories) and one 
market segment (games), make that work really well, and then expand from there.” 











FB-01005114 - Zuck letting team kn ow of IPO filing Feb 2012 


FB-01007910 - Jan 2012 Apple Facebok agreement Exhibit B covers Apple access to extended 
APIs, including various photos APIs, Exhibit C covers apple integrations, that FB will use SSO 
on Apple products etc. 

FB-01020743 - Rose email to Vernal, Taylor, Daniels others November 2011. “App Definition 
& Payments” - Rose: “In this context, payments is a way to charge developers for access to 
distribution channels. This feels intellectually honest and structurally sound.... Primary 
objective: Make money from the value we create for developers.” 

FB-01049403 - August 2011 announces sharing into newsfeed in bulk rather than just to a 
specific friend’s newsfeed for developer apps. Shows encouraging use of stream api around this 
time. 

FB-01051775 - privacy research study by Worcester Polytechnic Institute that FB may use in its 
defense. Seems like from 2011. 


FB-01052601 - July 2011 Vernal Rose Taylor Sjogreen discussion of user data exporting policy. 
Sjogreen describes three approaches on 02 - “Option 1: Add product friction to GDP. Detect 
exporting apps.... Option 2: Broad Policy. Create new platform policy that explicitly prohibits 
apps whose primary purpose is to export data to other services.... Cons: short term PR hit 
(although we’ve largely already paid the “we’re closed” price).... Option 3: Narrow Google + 
Policy (RECOMMENDED). We specifically disallow apps that export data to Google.” Olivan 
responds on 01 that he likes the recommendation of limiting the policy to google+. Sjogreen 
responds: “I still for what its worth have a lot of heart ache about doing anything here. I think its 
both anti user and sends a message to the world (and probably more importantly to our 
employees) that we’re scared that we can’t compete on our own merits... .I’d actually suggest we 
wait to let this play out a bit, and go with the #3 option (explicitly shut down Google + 
exporters) if any of them actually get traction....” 

FB-01054694 - July 2011 Vernal Sjogreen email thread. Sjogreen buckets API permissions into 
“safe” and “scary”, puts friends data into scary bucket. Vernal responds: “This mostly matches 
my intuition. The one that that seemed odd was: [lists friends permissions including friends 
photos]. Given we are a social platform and ideally people would be building experiences 
that use your friends’ data, it’s weird that the “My own” versions of these permissions 
would be safe, but the “Friends” versions of these permissions would be scary.” 


FB-01057841 - July 2011 Cox Rose Vernal Lessin and others noting that Platform policy 
discussion for google+ data exporters with Zuck and Sheryl. 


FB -01059553 - July 2011 Vernal preparing public note around Stripe changes to newsfeed that 
affected developers. “We recently launched some changes to those systems that overweighted 
certain types of user feedback, causing us to erroneously disable some apps. While we quickly 
re-enabled those apps, we realize that any downtime has a significant impact on both our 





developers and users. Many of our developers have chosen to build their businesses on top of 
Facebook, and we take that responsibility very seriously.” 


FB-01062004 - July 2011 Vernal asking Sean Ryan “What’s our process for determining 
whether a partner gets any high-touch support?” Ryan: “There is not a hard and fast rule. They 
generally have a minimum threshold DAU or they are a new category or a new region we want 
to support. Or they kn ow someone. Send to me for now. Thanks!” 


FB-01062011 - On 13, June 2011 Vernal post to Platform Integrity: “On the flip side, it’s very, 
very bad when we disable a legitimate application. It erodes trust in the platform, because 
it makes developers think that their entire business could disappear at any second. I’ve 
seen a little bit of cheerleading about the aggressiveness of the action on Thursday/Friday - 
it’s really not appropriate. Some of these apps were malicious, but a lot of them were 
developers trying to build apps within the rules we set out.” 


FB-01073066 - May 2011 feedback from developer (Audio Galaxy) to Federov about Facebook 
Platform. “tl;dr - the amount of churn that Facebook expects developers to keep up with is 
unsustainable. Instead of being a tool, it’s quickly becoming a crutch.” 


FB-01079456 - April 2011 Platform User Survey Drafts. Survey they will probably use in their 
defense. 


FB-01105781 - Project Spotlight presentation from Nov 2010 “Helping Businesses understand 
why they should build on Facebook Platform” 

FB-01108503 - Nov 2010. discuss putting moratorium on developer for selling data, Purdy says 
it’s an A/C privileged email. Colin Stretch writes back, not redacted. Privilege not preserved? 

FB-01116069 - Facebook Platfonn 2010 plan (2 pages). “Develop a more open than open plan” 


FB-01138198 - Vernal helping Xobni integrate, (also FB-01138706) 


FB -01139282 - Kangaroo (April 2008). “The core goal of Kangaroo is to help users interact with 
their social graphs using applications external to Facebook. While external applications have 
existed for almost two years, their usage is dwarfed by applications running within the Facebook 
site.... Kangaroo aims to increase external application adoption....” (82) “Scenario: Photo/Video 
Sharing Sites.. .Import/Export Photos & Videos - offer the ability to import Facebook photos or 
videos into site.” (84) 


FB -01139441 - Morin emails Vernal and others the Kangaroo update: “Announcing Facebook 
Connect”. “Facebook Connect is the next iteration of Facebook Platform and will allow 
users to interact and share information with their friends on any website, while being 
comgfortable that their information follows the same privacy rules as on Facebook.” (41) 
“Friends Access. Users count on Facebook to stay connected to their friends and family. 
With Facebook Connect, users can take their friends with them wherever they go on the 
open web.” (cleaner copy of announcement at FB-01139452). 











FB-01145209 - Jan 2014 Zuckerberg email on Hunch showing Facebook wants to compete on 
dating. At 10, “There are really two types of dating apps: ones that are designed for a specific 
task (finding long tenn relationships, finding hookups, etc) and ones that are general social 
systems that could be used for dating but are not only designed for such. Tinder, Match.com, etc 
are all examples of the first, but I actually think the second is far more valuable and useful if it 
can be created. Historically, this is why Facebook has been so good for dating. It isn’t explicitly 
a dating service, so there’s no stigma to being a part of it. But once you’re there, a part of it can 
be used for dating. I’d bet that more dates and relationships start on Facebook than all of the 
other dating services combined.” (FB-01145229 Vernal shares his thoughts on dating apps) 

FB-01147409 - Purdy Vernal Nov 2013 chat - Vernal notes that Kevin (Lacker?) thinks they are 
making the wrong calls with psl2n 

FB-01148672 - On 74, Lacker asks Sukhar, Federov, Spehar, Purdy, O’Neil, Bao questions 
about implications of removing friends.get. Were these questions ever answered? 

FB-01148708 - Aug 2013 Dick Hardt, in charge of identity for Alexa at Amazon, asks Purdy for 
private API access, Purdy forwards on saying he gets a ton of requests like this, and buckets into 
Facebook/Partner/Platfonn (Core)/Platform (Experimental). Daniels and Osofsky agree with the 
framing. 


FB-01148731 - Aug 2013 Vernal discusses three year stability guarantee with Purdy, says his 
preference for this came from discussions with Ilya and Kevin. 


FB-01150813 - April 2013 Vernal to Purdy “I’m 100% certain that we ended with total 
reciprocity. The reason I’m certain is that I argued strongly for categorical reciprocity, I 
lost, I accepted defeat, and I then grew to begrudgingly like total reciprocity. 100% certain 
here.” Purdy: “Well, I want to revisit it regardless. It is too complex.” 


FB-01154226 - Dec 2012 - Vernal explains reciprocity to FB employee Yariv Sadan. “The 
reason the social graph thing is necessary but not sufficient is because for most apps we’re 
bootstrapping their graph, and their additions are really minor. So the value is really 
asymmetrical. Take Instagram, if we hadn’t bought them - would we have been happy if they 
had grown on our backs (through our graph) and only contributed a handful of friend/follow 
edges back to us? No.” Sadan replies: “Got it. That clarifies things. So reciprocity means ‘our 
graph for your content’, not ‘our graph for your graph and our content for your content’. I guess 
that’s fair given the asymmetry of the value of the data.... I think it would make sense 
to.. .phrase it as ‘our graph for your content + graph’. Vernal “100% agree. That’s the plan.” 


FB-01156137 - Oct 2012 Rose, Vernal, Osofsky, Zuckerberg, Lessin, Purdy chat. Osofsky 
shares top apps by installs/MAUs. Zuck asks for a version of that which is just mobile/non¬ 
canvas apps. Purdy asks to highlight whether the app is competitive or not. “I think the biggest 
question is if the app is competitive or not. For non-competitors, I think we want to have a 
very simple business model that is transparent and predictable from 1 MAU to 100M+ 
MAU. Apple doesn’t have a platform where it is 30% up to a point and then you have to 








sign a deal with them (either does MSFT, etc.). For competitors, I think we could absolutely 
do BD deals like we have done with Path (and will do with others).” (37) Vernal: “We 
should define what it is to be a competitive network, and we should say that those may only 
use platform with our express consent (i.e., you need a deal). We should do this regardless of 
size. For everyone else, I think we should define a clear set of principles for working with 
platform.... Data reciprocity... 


FB-01156203 - Oct 7, 2012 Zuckerberg chats to Vernal, Daniels, Rose, Purdy. “I’ve been 
thinking about platform business model a lot this weekend....I also think that if we make it 
so devs can generate revenue for us in different ways, then it makes it more acceptable for 
us to charge them quite a bit more for using platform. The basic idea is that any other 
revenue you generate for us earns you a credit towards whatever fees you owe us for using 
platform. For most developers, this would probably cover the cost completely. So instead of 
actually ever paying us directly, they’d just use our payments or ads products. A basic model 
could be: Login with Facebook is always free; Pushign content to Facebook is always free; 
Reading anything, including friends, costs a lot of money. Perhaps on the order of —$0.10 / user 
each year. For the money that you owe, you can cover it in any of the following ways: Buy ads 
from us in neko or another system; run our ads in your app or website; Use our payments; Sell 
your items in our Karma store. Or if the revenue we get from those doesn’t add up to more than 
the fees you owe us, then you just pay us the fee directly.” THIS SEEMS TO BE 
ZUCKERBERG’S TRANSITION POINT BETWEEN CHARGING FOR PLATFORM 
ACCESS AND SUBSERVING PLATFORM TO THE INTERESTS OF OTHER 
PRODUCTS. 


FB-01156437 - Management offsite with Zuckerberg, Sandberg, etc., agenda says Sam Lessin is 
in charge of Platform Business Model discussion from 130-330pm. 


FB-01156584 - Zuckerberg, Vernal Lessin chat string August 12, 2012 - Zuckerberg wants to 
talk about Platform Business Model on August 13. Mentions discussing Platform Business 
Model with the Facebook board on Thursday August 16. Was Vernal there? 


FB -01156760 - Aug 2012 chat discussing platfonn business model and GDP for prep to 


discussion with Zuckerberg. LESSIN PROPOSES CHARGING, VERNAL THINKS WASTE 


OF TIME. NO MODEL FOR CHARGING FOR ACCESS. Lessin writes about some 
“fundamental problems” - “we have gone through imprecise cycles of boosting and then 
pulling back distribution because we have no fundametanl value model for information 
published by partners we are constantly trying to tune the ecosystep up and down in ways 
that make it hard for partners to rely on us / work with us. We have a sometimes “tense” 
relationship with people we might view as competitive.... Because there is no clear and 
positive value exchange with developers to evaluate situations against we get into tense 
situations where we feel like we are paying for / subsidizing the growth of competitors.. .A 
proposed solution...Economically rationalize platform for stability and growth - charge 
directly for information / APIs Charge developers per-call to our APIs...charge directly for 
subsidization in feed / distribution across feed...we need a mutual information exchange 
policy.” (61-62). Vernal “I really think we’re wasting our time talking about charging for 








APIs. I don’t think it’s a scalable business model and is, frankly, a waste of our time. 
That’s not where the real money is, and it will have weird downstream effects.” (62) 

FB-01157146 - developer feedback from June 2012 showing dissatisfaction with platform 
stability, frequency of changes to and completeness of APIs, responsiveness to bugs, 
documentation. 


FB-01174454 - March 2011 Olivan email talking about removing API access to a bunch of apps 
(20 apps?) (61). Policy team debates with Vernal/Olivan and loses. These apps were encouraging 
random friendships which violates the spirit but not letter of FB policy. Vernal and Monica 
Walsh apologize to each other after the tense debate, Vernal writes back to Walsh’s apology: 

“No need to apologize, and in fact I apologize if I came across too strongly below. As 
context, one of the arguments that I often have to have w/ folks is about keeping platform 
both open (accessible to all, not a whitelist model) and powerful (being able to do 
interesting things with it). Pretty much everyone is always asking us to turn off APIs (Zuck 
& Photo Tagging) or whitelist APIs (Add Friend) or worse. In each of those cases, my basic 
argument is that between technology + pops we can keep this stuff under control. If 
internal sentiment goes really sour on platform, it’s probably much worse for us than if 
even external folks are getting pissed. So I just try to be careful about feedback from key 
partner teams.” VERNAL ADMITS TO BEING PUSHED TO CLOSE PLATFORM BY 
KEY TEAMS INCLUDING ZUCKERBERG. DEBATE ABOUT OPEN/CLOSED AS 
EARLY AS MARCH 2011. 


FB-01175185 - April 2011 Dave Morin asks for hashed email API access for an app he invested 
in called Sparrow. Wei Zhu asks Vernal if ok. FB-01226143 - Vernal says “We’re not really 
expositing it to more people at the moment. If you have a user access token, you can use search. 
This is rate-limited, so you can’t use it for tons of lookups, but it should work for an email 
client.” 


FB-01175719 - March 2011 Cheever complaining to Vernal about having to change the way 
Quora prefills messages in feed: “Just sort of frustrating to do a fire drill to comply with some 
policy when complying with the policy makes our user experience worse” 


FB-01179660 - July 2010 ZUCKERBERG ON MOBILE STRATEGY AND GOOGLE APPLE 
TFIREATS, SECRETIVE PRODUCT PROCESS. Zuckerberg and other employees on thread 
discuss secrecy of Questions product. Steve Grimm complains about beginning of a lack of an 
open culture and concern over competitive leaks making it unproductive how facebook works 
internally. Zuckerberg chimes in against Grimm’s criticism: “I’m supportive of the product 
development model we used here with Questions for a few reasons. We should improve a bunch 
of things about the process, but overall I think this process fits with our cultural goals and 
evolving organization for a few reasons: (1) Autonomy.... (2) Bigger, Longer Term 
Projects.. .(3) Competitive Threats.... We are now in a situation where (a) we’re competing with 
more companies and products and (b) we have more employees so the risk of a leak is higher... 
One example is with our current mobile platfonn strategy. Some people have heard we’re 
building a phone but that we aren’t talking about it much. Here’s the reality: (a) Our real mobile 
strategy is to get FB platform and apps built deeply into every phone. That’s the horizontal vs. 













vertical platform strategy I always talk about at all hands. Our goal is to make everything social, 
not sell phones, (b) However, we face a very complex competitive situation. Google doesn’t 
want to integrate us because they hate us and will avoid it all costs if they can. Apple is very 
difficult to work with and will avoid working with other companies if they can. We believe that 
if someone builds a good phone that integrates a social platform at a deep level, that will create 
pressure for both of these companies to work with us. (c) We’re exploring multiple different 
ways to do this and we’re not really sure what we’re doing yet.... (d) Competitively, the 
soundbite “Facebook is building a phone” is so compelling that it is extremely likely to leak and 
damage us. If it leaks.. .then that basically destroys our chances of successfully partnering with 
anyone else for a long time until we are so successful they really need to work with us. It will 
also likely destroy our whole relationship with Apple on all things and not just the iPhone. Steve 
is touchy, so that one could be permanent. So the competition is very high stakes, and we can’t 
have people just throwing around the phrase “we’re building a phone” left and right here.... In 
one sense, it’s true that we are trying to build a phone as one of our tactics. In another sense, that 
means something completely different to outsiders... Our real goal here isn’t to build phones but 
to make everything social, and this is really just one of a number of early stage experiments to 
see how we can get there.” 


FB-01188663 - Feb 2015 GROWTH TEAM TRACKS CALL LOGS ON ANDROID; 


GRAVITY TEAM TRACKS YOUR LOCATION; GROWTH TEAM FINDS A WAY TO 
IMPLEMENT WITHOUT EVEN REQUESTING PERMISSIONS. Michael LeBeau emails 
Vernal and others: “Hey guys, as you all know the growth team is planning on shipping a 
permissions update on Android at the end of this month. They are going to include the 
“read call log” permission, which will trigger the Android permissions dialog on update, 
requiring users to accept the update. They will then provide an in-app opt-in NUX for a 
feature that lets you continuously upload your SMS and call log history to Facebook to be used 
for improving things like PMYK, coefficient calculation, feed ranking, etc. This is a pretty 
high risk thing to do from a PR perspective but it appears that the growth team will charge 
ahead and do it.... Separately Gravity team had been intending to ship the Bluetooth 
permission on Android at the same time.” Worried about stories that say “Facebook uses new 
Android update to pry into your private life in ever more terrifying ways - reading your 
call logs, tracking you in businesses with beacons, etc. Gravity had a great initial reception. 
This is because we took painstaking steps to ensure that we had a clear story of user 
value.... But we’re still in a precarious position of scaling without freaking people out.” 
Vernal: “I acknowledge but tend to be less concerned about this risk than you guys are.” 
(64) Yul Kown writes: “Also the Growth team is now exploring a path where we only 
request Read Call Log permission, and hold off on requesting any other permissions for 
now. Based on their initial testing, it seems that this would allow us to upgrade users 
without subjecting them to an Android permissions dialog at all.” 


■ -01188843 - Nov 2014 Zuckerberg asks Vernal “Are we doing anything to continue develop 
Connect / Login with Facebook?” Vernal says: “Finishing the transition from API 1.0 — > API 

2.0. This was a huge shift because it drastically curtailed the information that people had 
access to, and the deadline is coming up (April next year). We’re working through edge 
cases here with partners (e.g., the default change would pretty meaningfully break dating 
apps like Tinder, since you’d no longer be able to show the names + pictures of mutual 








friends, so we’re working through a way to not break that).” Vernal then describes login. 
Zuckerberg asks “Are we gaining market share, steady or declining here?” Zuckerberg 
concerned with whether new API has impacted Login / Connect adoption. Vernal admits nature 
of Graph API 2.0. 


FB-01192796 - Vernal Zuck chat March 2014 putting Parse into Infra team not Platform team: 
“If we were to make this move, I think the biggest con would be it being a pretty big existential 
blow to the Platform team. We’ve framed up the mission as build, grow, monetize. This would 
eviscerate the Build pillar. I think it would change the tenor of platfonn to basically be about 
Ads/Games/Payments, and make it much more of a monetization-focused team. It would also 
make messaging, marketing, developer support, etc. a lot more complicated. It would make it a 
lot harder (imho) to hire a single, senior leader for Platform.” (97) 


|B -01193401 - Sukhar Vernal chat Feb 2014. Sukhar: “Hey, I put together a plan for f8 that 
everyone finally agrees on. The big difference is that we’re going to hold the ‘bad stuff’ of 
psl2n until after. https://quip.com/HOQABAHBBzi - details there. Can you take a look and 
see if you agree and see if you think we need Mark to sign off? Me, Fran, Doug, Vlad are all on 


board. ADMIT THEY ARE WITHHOLDING MATERIAL INFORMATION IN 
ANNOUNCEMENT. 


■ -01193711 - Jan 2014 Zuckerberg emails Vernal and Stocky: “I’ve been thinking a lot about 
Tinder and other people recommendation apps since about 10% of people in many countries are 
using a Tinder now. People recommendations seems like something that should be right up our 
alley, but it’s currently something we’re not very good at. Tinder’s growth is especially 
alarming to me because their product is built completely on Facebook data, and it’s much 
better than anything we’ve built for recommendations using the same corpus.... I think this 
is a big and important space and it’s something we should have a team working on - probably to 
develop people recommendation Hunch sections for now.” 


FB-01195860 - Oct 2013 Vernal Purdy Fran Larken discuss renaming Facebook Platform to 
Facebook Developer Services. 


FB-01201562 - Dec 2012 Jolley asks Lessin about Cooliris - “best practice or anti-pattern?” 
App that aggregates your photos and your friends photos all in one place. Lessin: “Not sure! My 
view would be not awesome.. .but don’t know.” 


FB-01203441 - May 2012 Zuckerberg already implements reciprocity using action 


importers. “For the action importers, we should prioritize the apps that have the most usage 
first. So Twitter is the most important partner here by far, followed by Instagram, then Pinterest 
and then probably Foursquare. What other apps do people use to post a lot of content? YouTube? 
Blogger and WordPress? Any particular games like Draw Something or a popular Zynga game? 
If any developer doesn’t want to work with us on this but still wants to be able to pull friends and 
other data from us, we should be clear that this reciprocity is important to us. Pinterest, 
Foursquare and others should understand this. Let me know if I can help out as well since I know 
the founders.” Zuckerberg then asks about removing the play button from video apps, OG 
features and Quora and Path launching OG functionality? 












FB-01204694 - Feb 2012 Vernal saying to do something in a way where competitors can also do 
it and not give advantage to a company just because they know FB. Shows the expectation was 
there to be fair. 


FB-01206324 - Jan 2011 task showing granular app privacy controls were in place for what your 
friends could share with other apps, with granular controls by pennission. See screenshot of 
screen at ■ -01206328 (shows privacy controls existed). 


FB-01206629, 31 - Zynga deal 


FB-01210326 - June 2010 Jason Calacanis emails Mark and Sheryl about lack of data export 
option 


FB-01213769, 70 - examples of shutting down platfonn apps in sept 2009 for photo tagging api, 
disabling app “was approved by Mark Zuckerberg.” Trying to address legitimate photo tagging 
spam. 


FB-01213786 - Sept 2009 Zuckererg calls out spammy photo tagging apps. Beard suggests 
killing it. VemaFTaylor want to find solution to stop spam but avoid breaking legitimate apps. 


FB-01215362 - June 2008 discussing partnership with xobni 


FB-01215536 - ZUCKERBERG MADE PLATFORM A FAIR AND NEUTRAL 


ECOSYSTEM ETC ETC. February 2008 Vernal emailing Cheever quoting Zuckerberg as saying 

“The way we’re going to enable a lot of information flow is by letting apps give us potential 
feed stories for anything that a user does within that app. If an app gives us lots of stories 
with in information that users find interesting, then we’ll show more of them and that app 
will get more distribution.” NEWSFEED API WAS ZUCKERBERG’S IDEA. Vernal 
expresses concern, says you can’t blame developers when “They’re just doing what we 
suggested they do.” (36). Zuckerberg: “Platform is key to our strategy because we believe 
that there will be a lot of different social applications and ways that people communicate 
and share information, and we believe we can’t develop all of them ourselves. Therefore, 
even though it’s a challenge for us to get this right, it’s important for us to focus on it 
because the company that defines this social platform will be in the best position to offer 
the most good ways for people to communicate and succeed in the long term.” Zuckerberg 
notes focus on trustworthy apps and giving distribution to effective apps. 


FB-011215649 - Jan 2015 Vernal has O’Neil add CoffeeMeetsBagel to the dating app list 
getting special API access along with Tinder, Hinge, etc., because they are getting high profile, 
e.g. they “turned down $30M from Mark Cuban”). 


FB-01215678 - Nov 2014 Vernal Liu discuss what the platfonn people like KP are going to do 
after and note they’ve expressed concern for what they should focus on next. 








FB-01217034 - Facebook platform board deck February 11, 2014, does not discuss PS12N 
deprecations. Build, Grow, Monetize etc. $2B annual run rate business. 


FB-01217088 - Jan 2014 Sukhar asking about the big exception they are giving apple in 
allowing the login workaround on iOS. Zarakhovsky suggests that they reduced the actual 
granted permissions within the native iOS login dialogue. Sukhar asks “Can we do that without 
effectively lying about the granted permissions?” 

FB-01217108 - Jan 2014 Vernal, Olivan, Archibong discussing Messenger as a platform and 
messenger competitors 

FB-01217135 - Jan 2014 Greg Badros introduces Sean Rad (Tinder CEO) to Vernal so they can 
get together for a dr ink . 


FB-01217327 - Dec 2013 Sukhar Build Update to Vernal, Purdy, Federov. Sukhar says “a first 
cut on the number of alive apps that’ll be affected (27,000) by PS12N. References Hendrix as the 
dev site and it’s at 40% and will be at 100% after everyone gets back from holiday. 

FB-01218246 - Oct 2013 Purdy tells Vernal he “Need Your help with this Javi thing. The 3 rd 
party id thing we are doing as part of psl2n.” 


FB-01218365 - Sept 2013 PS12N meeting with Javi. Discussion between Purdy Sukhar O’Neil 
Federov. Sukhar says he is just going to ask Javi what he doesn’t like about Platform. Purdy tells 
Sukhar that’s not going to fly because if Javi had his way there would be no platform. Need to 
present solutions. Need to involve Lessin since “he was involved in the planning with Zuck”. 


FB-01218622 - Sept 2013 Purdy and Sukhar thi nk Federov is “totally opposed” to the PS12n 
plan. Vernal asks Federov, says he’s not opposed to “the end state which is smaller API aligned 
with our business goals.. .1 am less sure about the best way to execute and if core as defined is 
the right intermediate state.” 


FB-01219005 - August 2013 Zuckerberg and Vernal discuss risk of losing Purdy and convincing 
him to stay past November in order to handle the platfonn changes right. 


FB -01219463 - July 2013 Vernal Osofsky Daniels Purdy Rose finalize data protection language 
for Amazon. Agree to provide 30 days notice, gives Amazon a friends exception. “ Updates to 
the Facebook Platform Policies, unless made due to changes in applicable laws or regulations, 
will not apply to Amazon if such changes further restrict Amazon’s ability to use friend 
connections, established during the term, between users of a Developer Integration. For sake 
of clarity, Facebook may change such policies after the term but such changes will not impact 
Amazon’s use of the user connections established during the term. ” 


FB-01219651 - June 2013 Vernal and Bickert discuss shutting down Lulu, but decide to keep it 
because they stopped showing non-friends to friends in app. Bickert: “If I could get data showing 
that male users are discouraged from making friend connections that they otherwise would make, 
I could argue that this is a misuse of our product.” But she approves them “They made some 








changes in are now in compliance. I am not crazy about the functionality, but I really have no 
grounds to limit it further.” Vernal: “Yeah, this is really tricky. Platform 3.0 will effectively 
break this app / fix this, because then the only men in the app will be those who signed-up 
themselves. For now, I think this app is in bad-taste, but not in such bad taste that (like Bang 
with Friends) that I’d necessarily shut it down. That said, the inverse app (men rating women) 
would be seen as misogynistic and would be even more borderline. Net, I think we’re probably 
doing the right thing here, even though I don’t like it.” FB COULD USE LULU IN TFIEIR 
DEFENSE. 


FB-01219736 June 2013 Liu tells Purdy “I have been spending a lot of time this weekend 
thinking about where Neko is and how we can go from $1.5M per day to $2.75M. Can you 
believe we are speaking of it as being in striking distance? ©”. Liu says she is meeting with 
Sheryl tomorrow and has been working on this all week. “The first answer I hear when meeting 
with various teams is “Isn’t Neko supported by Platform?” (FB-01219942 Deb is killing it and 
discuss promoting her) 

FB-01220102 - May 2013 product review. On 03, Unified Review definition, not a subjective 
quality review, not a policy review, not a certification or verification process, reviews app to 
comply with platform guidelines, no more than 4 pennissions. 


FB-01220198 - May 2013 Zuckerberg and Vernal discuss buying company that uses email to 
build database of all your purchases via receipts. 


FB-01220344 - April 2013 Purdy sends Vernal Platform 3.0 Plan. (Plan starts at 45). Starting at 
47, “Platform 3.0 Rules of the Road... .Principles: The fundamental principle that governs 
Platform usage is a simple concept: reciprocity. Reciprocity involves an equable value exchange 
between a 3 ld party developer and Facebook. This value exchange involves one of the following 
from developers: high-quality experiences that FB users can use to tell great stories to their 
friends and family on FB and/or monetary value in the fonn of revenue sharing or direct 
payment. In return, Facebook offers a developers access to our Platform. When considering the 
implications of reciprocity it is important to note that a second order principle quickly 
emerges: competitive access. There are a small number of developers whom no amount of 
sharing to FB or monetary value can justify giving them access to Platform. These 
developers do not want to participate in the ecosystem we have created, but rather build 
their own ecosystem at the expense of our users, other developers, and, of course, us. That 
is something that we will not allow.... Strategic competitors. We maintain a small list of 
strategic competitors that Mark personally reviewed. Apps produced by the companies on 
this list are subject to a number of restrictions outlined below. Any usage beyond that 
specified is not permitted without Mark level sign-off.” (48) MARK PERSONALLY 
MAINTAINS AND SIGNS OFF ON A LIST OF COMPETITORS WHO ARE DENIED 


ACCESS TO PUBLIC PLATFORM DATA. “App services: All developers, save strategic 
competitors (above), may use our app services. The reciprocity for these services is clear: 
money in exchange for CPU, data storage and network bandwidth. In terms of 
oversight/policy enforcement, we will reactive handle any strategic competitors that we 
discover using these services.” (48) FOR ALL NON-COMPETITORS, PAY US 
SOMEHOW AND WE’LL GIVE YOU ACCESS TO THE DATA. “During app review, we 
















examine the APIs that the app uses in order to determine what the appropriate level of 
reciprocity. The guideline for this review is “take data, give data”. The review tool is built 
to help with this assessment in that for every read API used by the app, we flag if the app 
has also implemented Action importers.... If they are not, the app is a “data leach” and will 
be rejected.” (49) ALL NEW APPS WILL BE DATA LEACHES BECAUSE THEY 
DON’T HAVE DATA YET TO CONTRIBUTE - DISADVANTAGES SMALLER 


COMPANIES. “Friend Data - we’re removing this (removing friend_ 


permissions)....Generally only available with a business deal.” WILL GIVE FRIEND 
DATA TO NON-COMPETITORS ONLY IN CONTEXT OF A BUSINESS DEAL. 


FB-01220359 - April 2013 Purdy gives Vernal a plan for “categorical reciprocity,” 
meaning an app only has to share back the kind of data it takes in, if I’m Netflix and I take 
in movie data, then I have to give back movie data. Vernal corrects purdy that we have 
“been operating under total reciprocity as the plan-of-record since we agreed on it in 
November.” 


fB -01221432 - Oct 31 2012 (same day as Vernal note to staff), Vernal writes to Purdy, Lessin 
Rose and Osofsky in preparation for Zuckerberg Platfonn Business Model meeting. “We have a 
meeting w/ Zuck + mteam next Wed @ 10am to continue to platform business model 
conversation.... I expect that conversation to be 5-10 minutes of framing and then a broader 
conversation about how we could price this stuff (some extension of Mark’s email this morning). 
There’s a bunch of anlaysis we have in-flight that I thi nk it would be good to have written down 
for the meeting, if/when it comes up: -Top 5-10 Partner Deals - who would we try to strike a 
deal with, and what would we try to get. Justin, I assume you’re driving this? I think it’d be good 
to have a straw man here so people can react to it. -FB User Marginal Value Analysis - for FB 
partners, how much more valuable is an FB user than a non-FB user. Mark keeps hearing FB 
users are “way more valuable.” We keep telling him that’s not substantiated (other than Spotify). 
We should debug this (and make sure we include games in this analysis). Justin, assume you’re 
driving this? - Loss Leader Analysis - does the read-side of platform drive meaningful 
marginal value on the distribution side of the business? If we were to yank the read-side, 
would that harm the distribution business (both current + future)? I assume Justin + Doug 
driving this (Justin analysis for current value, Doug + Justin for what changes would mean to 
future monetization). -API Change Analysis - what is impact on the ecosystem of killing 
friend information. Doug/Charles/Vlad should drive (we haven’t kicked this off yet, but 
would be good to understand how many apps impacted, biggest apps impacted, whether 
we’d whitelist folks, etc.). Policy Changes - we didn’t talk about this on Monday, but we 
should just be prepared to talk about proposed policy changes. We can just use the slides already 
prepared.” (33) THIS IS THE SEEDS OF THE DECISION THEY ULTIMATELY WENT 
WITH TO NOT CHARGE FOR PLATFORM BUT CANNIBALIZE IT FOR NEKO AND 
SPECIAL DEALS. Osofsky responds: “Preserving the value of “read” data: what additional 
changes to platform are required to maintain the value of the data? API changes: friends’ basic 
info, contact info, extended info, stream API, search API. Policy changes: competing social 
networks, reciprocity, size-based restrictions.” Evaluating the risks. What are the risks with the 
above approaches (e.g., reaction of the developer community)?” (32). 





















FB-01221635 - Oct 9, 2012 Vernal checks with Sandberg who checks with Zuckerberg about 
Purdy and Osofsky attending an mteam offsite for the platform business model agenda item. 

FB-01221845 Aug 2012 Path Platfonn Agreement for “Reciprocal Sharing”. 


FB-01221863 - July 2012 Zuckerberg email to Tim Cook at Apple complaining about Apple’s 
arbitrary enforcement policies in its platform. The irony is tremendous. 


FB-01223017 - May 2012 task to fix bug in their friends list blacklist tool. “APPS- 


BLACKLISTED-T O-GET-FRIENDS” 


FB-01231617 - Feb 2010 Haugen, Taylor, Vernal “POP Via the API” discuss whitelisting apps 
to change the user’s privacy setting from the default the user set. Why even discuss that? 

FB-0123312 - June 2009 Cheever email to Vernal “If I were a dictator in charge of platform 
policy, I would probably do something like this: Philosophically, users own their data and have 
control over it. You can do whatever you want with data that you get from the API (store it 
forever, mash it up with other things, etc.) as long as the user is OK with that, i.e., if a user tells 
you to stop showing a particular old profile pic, you have to respect that. Beyond respecting user 
intent, the only restriction that Facebook puts in place is a rule against resyndication of data to 
other apps.” 


FB-01233673 - Feb 2009 Matt Hicks shares “Open v. Closed” chapter in “Planet Google” book, 
Facebook is closed, Google is open. 


D -01233837 - March 2008 Vernal email to Cheever on “platfonn vision statement rough 
draft”. “I think the mission of FB platform should be help users share information more 
efficiently by enabling external developers to build applications for interacting and sharing 
data using the social graph...If that’s the mission, then the strategy for platform would 
look something like: 1. Build the best possible social graph and expose it to developers. 2. 
Build the best possible experience for users to run applications. 3. Build the best possible 
tools for developers to write social applications. For the developer ecosystem to flourish, we 
need to make sure that developers can build sustainable businesses to support the 
applications that they build.” (37) This is in response to Cheever’s statement that “Facebook 
Platform should replace the web as the best way to make consumer software 
applications....If we do it right, the Facebook Platform can...effect another paradigm shift 
- where the critical mass of consumer applications and services moves from the plain old 
vanilla web to the socially enabled web.” (38) 


FB-01235289 - May 2013 Purdy Vernal Thaw Sukhar Randall discuss press briefing with 
reactive messaging regarding P3.0, incl answering why shut down Path, MessageMe, Viddy, etc. 


FB -01251928 - Jan 2014 chat Vernal Lessin Zuckerberg discuss Humin and Tinder. Lessin and 
Zuckerberg want to acquire Humin but don’t think they’ll sell. Vernal says Humin is exactly 
what Lessin wanted to do in contact management space. Lessin says “I am pretty annoyed to 
have been beaten to doing this well / would love to get the speed up of bringing them in.” 











Zuckerberg says yes on meeting Humin, no on meeting Sean Rad at Tinder because “No on 

wanting to meet the Tinder guy. I don’t think he’s that relevant. He probably just wants to 
make sure we won’t turn off their API, which we will adjust as part of our changes, and 
since we can’t talk about that the conversation will be awkward.” 


■ -01252038 - Oct 2013 Vernal chat with others. Platform app almost accidentally disclosed 
earnings ahead of time: “The above interaction could have been near-fatal for Facebook Platform 
/ Login / etc. If Mark had accidentally disclosed earnings ahead of time because a platform app 
violated his privacy.. .literally, that would have basically been fatal for Login / Open Graph / etc. 
Listen guys/gals DO NOT REPEAT THIS STORY OFF OF THIS THREAD. I’m super super 
serious here. I want us to follow-up on this and respond urgently here, but I also do not want this 
story spreading inside of Facebook or off of this thread at all. I can’t tell you how terrible this 
would have been for all of us had this not been caught quickly. Ling - when you ask Platform 
Ops about this, please don’t reference the story - just say someone got screwed by this and you 
want to follow-up.” WHAT IS THIS ABOUT? WHY IS ATTACHMENT NOT THERE? 


FB-01290070 - Nov 20120 Taylor Swain Vernal discuss Google getting user data as leverage 
over competitors and convincing public it’s about user value etc., and bashing FB for not letting 
users export data. Taylor on 71: “This is about Google using your data as leverage against 
competitors. It is not about “openness”. Open means being open even when it is not convenient 
for you. No end user benefits from this in any way. Now you can’t use your Gmail contacts when 
you want to use them because of Google’s aggressive stance towards its competitors. To pretend 
this is about benefiting end users ignores the fact that this only reduces choice. This is 
tantamount to politicians renaming initiatives (“Death Tax” or “Health Spending Bill”) in an 
effort to cast aggressive tactics in a more favorable light, and I am really surprised so many 
people here are so willing to support it. And this is not the first time Google has done this. They 
blocked the data portability of email in their own social network (Orkut) last year for competitive 
reasons.” Vernal says he agrees and they should publish it. THIS IS EXACTLY WHAT 643 
WOULD SAY FACEBOOK DID - THEY TOOK A PAGE FROM GOOGLE’S 
PLAYBOOK! 


FB -01291343 - March 2010 summary of issues with Apple to prep for Mark following up with 
Jobs. “API Access. Apple wants access to any and all whitelisted APIs we make available to 
similarly situated companies. This limits our ability to do anything exclusive for anyone for 
5 years. Recommendation : concede this if we get what we want on other points.” Term sheet 


on FB-01291529. 

FB-01301467 - July 2008 Vernal agrees they should have a data export tool. “Re: literal export - 
fwiw, I pretty strongly agree. I think a small investment in a little-used tool would go a ways 
towards silencing the philosophical criticism that we hoard your data.” “Export My Info” feature 


FB-01312769 - August 2013 Purdy Vernal chat where Zuckerberg had apparently sent them an 
email about Platform 3.0 ripping into them. Purdy: “I was feeling sick when I saw Mark Z’s 
email too. I thought I really fucked up.” Vernal: “You should tread lightly here. Internally and 
externally... .What the hell are we doing here? Are people that confused? My serious reaction 
here is unhappiness with the product (and eng) team. This doesn’t seem that hard. I feel like no 
one is in control. This is why I always feel the need to dive-bomb PM, because I feel like we 









have no real plan here [regarding Inbox API].” Vernal sends apology to Cameron at Netflix 
regarding “amateur hour” saying “We think enabling people to invite their friends to try an 
app is a key use case for platform and something we intend to support over the long-term. 
In this particular case, we’re contemplating some changes to exactly how this works (the 
mecahnics), but not the use case in general.” (70-71) LIES TO NETFLIX. SOUNDS LIKE 
ZUCKERBERG YELLED AT THEM FOR REVEALING P3.0 TO NETFLIX??? Purdy: 
“I just read this message to the entire core platform PM team and said we are all fired if 
you have to send another one of these emails. We are debugging this right now.... I am just 
tired of fighting on the developer front of the company. I wanted to lead another front or 
open a new one....This is also why I am not as passionately driving the platform 3.0 effort 
as I could be (but I will get it done for you - note the motivation). I had basically given 
Platform to Vlad because I didn’t want to fight anymore and wanted to do something else. 
This has hindsight bias, but I think it accurately represents my current understanding of 
the failure here. This also explains why I was so deflated on Friday after my meeting with 
Zuck. He basically told me that I had to ‘get back to digging ditches before you can do 
anything new. Oh, and I Don’t believe you can start a new thing anyway because you can 
only work in developer and in large teams’. Creative license there, of course, but I hope that 
communicates my takeaway...(72) Then Purdy says still iterating on Platform 3.0 and Vernal 
says want a locked plan by end of week. PURDY DOESN’T WANT TO CARRY WATER 
FOR PLATFORM 3.0. 


FB-01318362 - reciprocity action importer flows with redacted Instagram example (attached to 
FB-01318351 RoseYao Nov 2012 email) 


FB-01318429 - Oct 21, 2012 Platform Business Model setting up meeting to discuss with Mark 
with Vernal, Lessin, Purdy, Osofsky, Olivan, Rose, Sandberg (optional). 


FB -01331629 - January 17, 2015 - Zuckerberg emails: “I’ve spent a lot of time recently thinking 
about the decline in content production, and I wanted to upgrade our sense of urgency around 
this. I now thi nk this is the biggest issue we face as a company.... “Content production” or 
“overall sharing” refers to any kind of sharing a person does in any of our products, including 
posting a photo or sending a message. “Friend sharing” is anything that a person shares with 
their friends in News Feed. Friend sharing is a subset of overall content production.... The 
average person shares 5 pieces of content with their friends each week.... We are declining in 
friend sharing more or less across the board at a rate of about 10% per year, on a per person 
basis. However, the full picture is much worse than this, because we believe the amount of 
overall sharing ***happening the world*** has continued to increase at a nearly exponential 
rate. So in effect, our market share of sharing is declining at a much faster rate than our internal 
friend sharing metrics suggest. Our other properties besides News Feed are not doing any better, 
with the exception of WhatsApp. Instagram’s sharing has actually declined at a faster rate than 
News Feed’s. Messenger is not friend sharing per se, but while it has increased mobile 
messaging per person, overall messaging volume has been flat and per person has decreased as 
we’ve made the transition to mobile. WhatsApp has grown enormously though, from 19B to 30B 
messages per day - that margin of growth alone represents almost the sum entirety of all content 
shared across our other services - in just the time since the acquisition. One implication fo this is 
that the decline is driven less by competition than we often state, and more driven by internal 





factors in our own products. We had hypothesized that sharing was moving from Facebook to 
Instagram, but that is unlikely given Instagram’s sharing is declining even more quickly. More 
recently, we worry that sharing is moving to Snapchat, but outside of teens Snapchat’s volume is 
too small and too recent to account for the overall decline we see. We see declines in sharing 
dating back much longer and spanning across demographics unlikely to adopt Snapchat or other 
news apps, which refute the primarily competition-driven theory. Messaging is large enough 
trend to impact this picture, and while we believe that is happening, our data generally suggests 
we should look inward to improve.... Messaging is so critical to our future because the physics 
of News Feed prevent it from ever fully being able to make up this gap. Messaging is a multiple- 
times-per-day use case, where News Feed may have natural boundaries that prevent it from ever 
being that.... It also highlights the brilliance in the design of Snapchat’s status-sharing product 
My Story. A critical design detail was making it so that when you post a story to your friends, it 
doesn’t create a new story but instead just appends your most recent video to the end of the last 
one you posted (with each segment expiring in 24 hours). This makes it much more difficult to 
spam your friends with too many posts and dramatically increases the potential throughput of 
their system. Essentially, they have designed a feed-like system that enables you to post 10+ 
times each day and remain in constant contact asynchronously without annoying your friends.... 
It is worth noting that Snapchat is growing quickly again after a 5-month long summer 
period of slow growth. So it seems like a meaningful portion of overall sharing could 
increasingly go to Snapchat.” HOW DOES MARK KNOW SNAPCHAT’S GROWTH AT 
THAT LEVEL OF DETAIL? Details how Snapchat focuses on production not 
consumption and FB is the opposite. Focus FB on creating new surfaces optimized for 
production and over-correct in this direction to increase velocity of sharing. Talks about 
building a platform ecosystem of sharing tools and having FB tools and third party tools. 
(On FB-01331665 he talks about removing developers if they build their own feeds and that 
doing so would be a “strong deterrent for developers to choose to compete against us”.) 


FB -01335815 - Jan 2013 email about blocking competitors from buying neko ads. Zuckerberg: 
“I think we should block WeChat, Kakao and Line ads. Those companies are trying to 
build social networks and replace us. The revenue is immaterial to us compared to any 
risk. And I agree we should use ads to promote our own products, but I’d still block 
companies that compete with our core from gaining any advantage from us. I’d also keep 
blocking Google but otherwise wouldn’t extend the block to anyone else.” Olivan on 16, “we 
will look like complete idiots if we lose our business to these messenger services and help them 
along the way for a couple of $$. The sum-product of shift to mobile + messenger services 
morphing into fully fleshed SSN sites is IMO the biggest competitive threat we face as a 
business.” Schroepfer and Fisher and Hoffman think they should keep it open to competitors. In 
August 2012, Sheryl and Mark both say no to google. On 18, Zuckerberg writes: “We can 
always change later if the market develops so our competitors are a smaller part.” On 19, Sheryl 
“I would block Google. Mark?” Started because Twitter wanted to buy neko ads. On 17, 
Hoffman describes in Jan 2013, “On the Platform side, we’re restricting access to friends.get 
for all messenger apps so that they’re not using our data to compete with us.” 


FB-01342716 - Nov 2013 Purdy Vernal chat discussing Zuckerberg asking “is there enough 
space between login v4 blowback (if any) and f8” 





FB-01343879 - May 2012 partner update with deck at 96 discussing action importer tests with 
big partners, video play button removal, path/quora partnerships, etc. 


■ -01215116 - Feb 2009 responding to Hadi Partovi complaining about FB allowing its own 
apps to do things platform apps cannot, employees say that Fladi has a right to be mad because 
he’s right. Vernal then says: “Also, as a philosophical point, I think we should back down on 
a promise of ‘parity’.” 


FB-00194154 - Dec 2013 Randall note to Swain and Jonny Thaw. “In prep for Platform 
Simplification, we’re putting together a list of developers who we think could be noisy and 
negative in press about the changes we’re making. Primarily we think it will be a list of the 
usual suspects from past policy enforcements. We’d love to pull from your historic knowledge 
on the topic. Is there anybody you’d add to the list below? We’re going to build plans around 
how we manage and communicate with each of these developers. There are also comms 
plans in the works for working with developers who are high ad spenders and friends of 
Mark/Sheryl.” Lists: iLike, Rock You, Zynga, Path, Flipboard, Slide, Social Fixer, 
SocialCam, Viddy, BranchOut, Vince, Voxer, Message Me, Lulu, Anil Dash, Super Cell, 
Kabam, Wash Post, Guardian WSJ, Jason Calacanis, Circle, Bang with friends, Tinder, 
Social Roullete, App Wonder, Ark, Vintage Camera, Girls Around Me. 


FB-00914098 - May 2013 On 99, Justin O explains to Vernal, Zuck, Sandberg, Federov meeting 
with Dave Morin. Dave said: “He argued that we should turn friends.get back on because it 
helped users become more engaged on Path. He also stated that developers are abandoning 
platform because they cannot trust us, and that last week’s actions were a perfect example of 
why. We explained that we did not plan to turn on their access to friends.get.. .1 explained that 
we needed to up level the conversation and find ab roader strategic alignment between our 
companies to provide access.... Dave disagreed with this position (stating that the social graph is 
a “public good”)...” The guy who helped create the social graph and FB Platform now getting 
screwed by FB reneging on its promises. Purdy writes back: “I think there are two broad paths 







forward here: 1. Consider them a competitor and they get Login/Sharing. This is the status quo of 
what they have today and at parity with al 1 the other competitors of this class. 2. Consider them 
a competitor, but one we could have a deeper partnership in the future (our previous stance). We 
give them the app Friend Sharing APIs (that is mainly read) and then decide if we reeanable 
friends.get again as we work toward that future partnership. #1 has the benefit of 
simplicity/clarity to the market. #2 has the most option value for us.” 

FB-01199289 - May 2013 Morin sends email saying FB is going “completely nuclear on the 
relationship and to separate the companies into full competition going forward. Last night Justin 
communicated we would only be loosing access to friend finding due to Facebook’s opinion that 
our new user experience is a bad experience that surprises uses.” But then FB made changes that 
completely broke the Path app’s ability to post to FB (FB-01199295). Morin emails Sheryl 
Sandberg. Sheryl forward on a string with Zuckerberg, who writes: “Can you update this thread 
when they’ve confirmed to us that posting still works? I want to make sure this gets fees de- 
escalated tonight.” 

FB-01338901 - July 2008 Vernal Moskowitz debate “Export My Info” feature to quell criticism 
FB hoards data. 


FB -00947595 - Nov 2012 Vernal, Purdy, Rose, Lessin, Osofsky discussing the beginning of 
Platform 3.0. Vernal: “Yeah - I’ve been bucketing all these changes into something I’m 
calling “Platform 3.0.” Specifically: Paid Developer Model. Removing a bunch of APIs (e.g. 
all the friend ones). New invitations model on iOS, Android, etc. Removing non-TOSed 
Friends. API charging above a certain usage threshold. Data reciprocity policy. Action 
importer spec. (Potentially) one premium service, just to set the tone for premium services. I 
think we need to roll all these changes out together as a big package with heavy messaging. This 
will likely be similar to the Twitter changes they just launched in temrs of impact on the 
ecosystem.” Vernal then suggests they announce soon with a blog post. Justin responds: 
“Blog post. Doug and I are working with Jen Taylor and Swain to update the prior draft. 

We’ll circulate it to this team once it’s ready.Reciprocity. I worked with Ali to take a first 

cut at this policy which incorporates Mike’s concept of providing us with the option to prompt 
users to pull in data from FB. Draft language: “If your app requests additional information 
beyond a user’s public profile, you must provide users with a prominent option to share the 
social actions they take within your app back to Facebook (such as engaging with your 
app’s content or creating new user connections). You must easily enable this sharing 
functionality both within your app and by implementing our Action Syncing Protocol. 
Enforcement. Historically, we’ve treated policy enforcement as a secondary function of platform. 
One of my top priorities is to significantly up level this function, an this will begin by hiring a 
manager with far different capabilities than previous folks. We’re close to extending an offer to 
an internal candidate who fits this profile (e.g. HLS grad, a decade as a federal prosecutor, user 
privacy and law enforcement experience). I’m also working with Colin to develop a more 
proactive and strategic approach to enforcement in competitive and other key contexts. We 
met yesterday and he’ll send an a/c privileged summary as a next step (I’ll provide more 
thoughts in the context of this note).” Rose says: “Let’s also add a slide on how we will 
manage the competitive use policy, and whether/how we will enforce differently against 
large developers who are over the size threshold. Vernal had a good idea. Justin / Ime - 






let’s identify our top 20 developers and put together a straw man for how we will enforce 
reciprocity with each of them. We need this for the meeting with Mark on Monday to help 
ground the discussion about what “full reciprocity” actually means from an enforcement 
perspective.” Vernal then clarifies that the 20 apps should be “the apps that Mark knows, 
loves, and is concerned about.” Mark’s limit test for actions for which reciprocity is 
required according to Vernal is “any action you take that is visible to other people”. Jolley 
responds: “Have we thought about / talked through the complexity and risk we are placing 
on our developers? We are asking developers to potentially take on a lot of work in order 
to integrate with us in the first place, but my concern is that a broadly scoped definition 
(i.e. “any action you take that is visible to other people”) seems like it would introduce a lot 
of risk for the developer in that they would never know exactly what we might define as in 
scope / out of scope.... The other one issue is with requiring full reciprocity - which as I 
understand it means that if you read any of our social graph then you must publish back all 
social actions. In this sense, the developer is no longer in control except that they could opt 
completely out of our graph. There is no sense of investment matching the reward; I have a 
potentially high up front cost to get anything out of FB. I don’t have a good framework to 
think about how this will impact adoption yet; but it seems like a high risk.” FB-00947631 - 
Vernal responds on this thread that “I thi nk this is a legit flaw - people could use the social graph 
but not have any social actions (either because it’s not social, or because it only enables 1:1 
messaging).” 


FB-01201984 Osofsky explains to Vernal that Monica Bickert is the HLS grad who will step in 
to enforce against competitors more and that Colin, Ellen and Jud met for an hour on 
November 19, 2012 about this and “Colin will write an a/c privileged email to provide 
advice on this issue.” Osofsky responding based on Vernal saying “One of the things Javi 
routinely beats us up for (perhaps validly) is our enforcement. He is concerned we don’t 
have enough strategic-oriented people looking at our usage dashboards and finding things 
that might be abusive or competitive and acting on them.... One of the things Mark flags 
below is getting more aggressive on the enforcement side.” 


FB -01151043 - March 2013 Archibong writes to Bickert, Lessin, Osofsky, Purdy - “I met with 
the Refresh team to brainstorm reciprocity in their app. To be very frank, together we 
struggled (and I still struggle) to identify any value they could provide to FB that would 
ever be sufficient to equate a reciprocal value exchange. They are taking a ton of data from 
us. In fact, the closest we got was if they published the professional graph (aka Linkedln 
graph) to us, but clearly Linkedln would shut them off immediately. Optimistically, I think 
we have two real options for Refresh.io: 1. Acqui-hire this team and have them work on 
this at FB. Reminder that that the Identity team is building a similar UEX. @Sam any 
interest here? 2. Restrict their access to our APIs and data, but let them use login. If we’re 
not interested in #1, I’d like to move forward and signal #2 to them soon. Ideally, before 
they continue investing too much in FB. I want to avoid a situation where we let them 
launch, they get traction, and we’re forced to grandfather them in when Platform 3.0 
lands.” FB-01252898 Purdy “I don’t like the optics here if they say no, however” (98). Lessin 
writes that they would be a good acquihire and he is going to try and do it by setting up drinks 
with them. Bickert: “It sounds like these guys are pretty reasonable and not publicity- 
hounds. However, in the past, we’ve had some press headaches when devs have publicly 





claimed that we enforced against them because of failed acquisition negotiations (e.g. 
Dalton Caldwell and MessageMe). To position ourselves well here, we should make sure 
that during any aqui-hire talks with Refresh, we’re clear with them they are already 
violating our policies and that enforcement is ultimately likely. I believe Sam and Ime have 
already communicated that to some extent. If the aqui-hire doesn’t work out, we’ll delay 
our enforcement until a few weeks after the earnings call.” (98-99) 


FB -01155097 - Vernal Dec 2012 “Platform Business Model. We finalized these conversations 
about the business model and the team is now working on implementing this via the Platform 3.0 
launch, which we’ll shoot to launch towards the end of Q1 and will involve simplifying the 
surface area of our API, introducing a paid developer model ($49/app/year), and 
announcing our data reciprocity policy.” Did you launch this end of Ql? Did you introduce a 
paid developer model at $49 per year? 


FB-01122499 - Nov 2009 at 502 Vernal states that “Mark asked me to add some important use 
cases for friend data... Silverface - this has a feature that lets you view all your friends’ photos 
in a screensaver.” Discussion of how to bucket or granularize access to friend permissions on 


FB. 


FB -01196501 - Sept 2013 Platfonn Narrative Thoughts. Sukhar, Larkin, Purdy, Daniels, Vernal, 
Archibong, Thaw - Sukhar: “Totally agree that devs will fixate on the friends deprecation. 
However, I want us to be really careful not to frame the “replacements” as actual replacements. 
They’re just not so I think we’re better off emphasizing the focus on trust, the move away from 
portability, etc.” Thaw writes: “I think Chris’s framing works well for press. One thing we’ve 
been thinking about is that the press will listen to this narrative and ask: what’s the 
headline? Riht now, it will either be: “Facebook Commits to SLAs and Keeping APIs 
Stable for Two Years” or, more likely, “Facebook Ki lls News Feed and Friends API, 
Cutting Off a Key Avenue for App Growth”. So the more “surprising” and interesting we 
can make the other news, the better. From the consumer perspective, I guess we really 
want headlines like: “No More App Spam: Apps Can No Longer Ping Your Facebook 
Friends Asking Them to Join”. The ultimate message may be something like: people won’t 
use Platform if they don’t trust it, these changes are designed to increase trust in Platform, 
increased trust in Platform ultimately helps developers.” 


FB -00947652 - Nov 2012 Zuckerberg responds to his string about “full reciprocity” saying “We 
don’t have time for a meeting tomorrow, but I’ll give you the green light to start exploring 
this immediately. I agree we really want to do this.” (53) This is in response to Vernal 
writing: “My net is that we should decide to have a special program for mobile games where 
they get special treatment in exchange for a 30% net (21% gross) rev share.” (54) FB-00947572 
Cox says they should take this on as part of Angora to engage their mobile core design team. 


FB-01318333 - Nov 2012 same string Vernal: “we need to move quickly as Kakao + Line are 
building interesting businesses here” in response to Sean Ryan saying: “Watching the 
aggressive moves by Kakao and Line (Line Pop now #1 free iOS game in 6 countries) to 
expand their mobile games platforms outside of their home countries, plus the 
extraordinary revenue they believe they can generate, we need to move faster and with a 














simpler approach than a complex set of premium read-side services will require”. Changing 
their tune in order to address competitors right away. 


FB -00948246 - Nov 2012 - Vernal response to Rose on Platfonn Model Thoughts - “I don’t 
think that’s how Mark defines total reciprocity - he defines it as every piece of content by that 
user that can be seen by another user. What Mark is saying is he wants certain partners (I 
assume not all) to give us news feeds on behalf of their users, which is kind of crazy.” This 
is in response to Rose saying: “I think the newsfeed scenario ties to Mark’s concept of total 
reciprocity. His definition of “total” is that the app sends us every piece of public content 
that can be viewed by that user. For apps like Pinterest, this essentially equates to their 
entire feed. So if we require them to send us their feed, it would be awkward to take away 
our own feed at the same time.” 

FB-00948264 - Vernal responding to full reciprocity. “The only thing I was surprised / 
confused by was the News Feed scenario below (letting a user import everything they can 
see from another app onto Facebook, e.g. all your friends’ pins). We haven’t talked about 
that before in-depth, I’m not really sure why Pinterest or others would allow us to do this, 
etc. Would be good to dive on that use case in person (or if there is someone who can 
educate me about it in the interim, that would be good).” FULL RECIPROCITY REALLY 
MEANS SHUTTING EVERYONE DOWN. 


FB-00948258 - Nov 2012 Vernal tasks Purdy and Federov with Platform 3.0 saying P3.0 and 
mobile monetization are the two highest priority items for first half of 2013 and that he wants to 
bowl Zuck over with the level of our product thinking and execution. 


FB-01155747 - Nov 2012 Sandberg forwards Zuckerberg’s full reciprocity note to Elliot 
Schrage, Erin Egan and Eric Antonow to share any concerns and says Vernal can answer them. 


FB-01155756 - Nov 2012 Sandberg responding to Zuck’s full reciprocity email: “I think the 
observation that we are trying to maximize sharing on facebook, not just sharing in the 
world, is a critical one. I like full reciprocity and this is the heart of why.” 


FB-01220175 - May 2013 Purdy telling Vernal the plan is to announce Platform 3.0 on June 
26 2013 on the developer blog. On 76 he states “We decided to make a change that we 
should discuss today. In short, we are going to roll out App Review in the Sept/Oct 
timeframe (no change in schedule) without making a breaking change announcement this 
summer requiring reciprocity. The reason for this is that we want to be able to tell a 
positive story about action importers - they really help drive growth and engagement for 
your app - rather than “this is the tax to get access to the graph”. We should be in a 
position to tell that story by the Sept/Oct and then we can work through we mandate that 
then.” 


FB-00947879 - Nov 2012 email Zuckerberg approving 30% rev share for games. “This 
makes a lot of sense to me and I think we should do it.” Responding to Schultz: “we should 
test this combination of business model (30% rev share post apple/google take). Can we 
please have permission to take a run at this business model?” (80) 
















FB-00725470 - April 2014 bad article about F8 where SGN and Mahan are quoted. Discuss 
reaching out to SGN. Discuss kicking SGN out of the alpha for the new ad network. Tera 
Randall says to call SGN rather than email because “would prefer to keep it offline, if 
possible.... Easy to forward to a reporter.” Tim Rathschmidt, FB employee, says “+1 to Tera’s 
point (per the usual)”. 

FB 00088797 - Privacy update email from Jan 2014. Matt Scutari writes on 98 “Onavo Data 
Retention. Matt is working with the XFN team to help Onavo develop and implement data 
retention policies for new and existing users.” Sherman writes on 801, “Unpacking privacy 
research. Maritza continued data collection for our initial “unpacking privacy” research project, 

which aims to provide evidence that the privacy concerns expressed by consumers are 
generally about wanting to have control over who sees the information they post - 

something that Facebook does well - and that initiatives to “solve privacy” in other ways are 
therefore missing the mark. Initial results support this conclusion, and also point out that much of 
the discomfort about privacy at Facebook has related to frequent changes in our policies, which 
leave people uncertain about whether the audience controls they established are continuing to be 
honored.” DOES ROB SHERMAN SAY THEIR RESESARCH IS “AIMED AT 
PROVIDING EVIDENCE”? - IS THAT THE PURPOSE OF RESEARCH, TO LOOK 
FOR THE CONCLUSION YOU WANT? SEPARATELY, WHY WOULD ONAVO 
WANT TO RETAIN USER DATA? 

FB-00089734 - Dec 2013 Matt Scutari privacy project email to Rob Sherman. On 35, “PYMK 
Friends List Visibility. A researcher flagged and publicized that creating a new FB account and 
sending a single friend request will reveal the recipient’s friends via PYMK suggestions 
regardless of friends list visibility. This is an intended behavior designed to maximize the 
relevance of PYMK suggestions for new users. We are working with Growth on a short-tenn 
fix, which will likely consist of requiring at least one side of a friendship to be visible when 
returning PYMK suggestions to a user with only one connection. We are also discussing 
whether a better long-term approach would be to honor friends list visibility for PYMK 
suggestions and will be meeting with the growth team to discuss long-term options for testing.” 
VIOLATING FRIENDS LIST PRIVACY FOR PEOPLE YOU MAY KNOW 
SUGGESTIONS. DISCUSSING WITH GROWTH A LONG TERM FIX THAT ENTAILS 
NOT VIOLATING PEOPLE’S PRIVACY PREFERENCES. WAS IT IMPLEMENTED? 
On 38, “Onavo app lookalike targeting. Proposed test with a few advertisers where Onavo 
would pass ad identifiers for devices that have an advertiser’s app installed to Facebook. 
Facebook would create a lookalike audience that would allow targeting of people who are 
demographically similar to those who have the app installed.” On 40, “Use of Call Log Data. 
Product wants to use call log data (e.g. duration/frequency/recency of incoming.outgoing 
calls/texts) to generate PYMK suggestions following contact import. Call log data was 
being collected, used, for this purpose, and stored in the past, but once we became aware of 
this, product agreed to stop doing this until they receive advice from Legal and Policy. In 
addition, there has been discussion regarding the use of call log data in connection with 
Messenger 3.0. Use of call log data in either case is on hold pending further input from 
Legal.” On 41, “ ‘Only Me’ Stickiness. Mark has asked Blake and Raylene look into making 
“Only Me” not sticky. His concern spawned from an incident where Priscilla was unaware 




that she was still sharing with ‘Only Me’ and was disappointed when she wasn’t getting 
any feedback on her posts.... The tentative proposal is to modal users who are posting to 
Only Me and give users the choice to either continue or to choose a different audience. We 

have recommended that this approach will be lower risk if the user is presented with the full 
audience selector rather than only two choices (Only Me and Friends). We’ve also recommended 
that this effort be coupled with Mike Nowak’s parallel effort to ensure that users who are posting 
to Public do not intend to be posting to Friends.” On 42, “Profile Accuracy ‘Quiz’. Identity has 
proposed a profile suggestion flow that would prompt people to take a quick titled “How well do 
you know your friends?” For example, users would be asked to select which of four friends 
attended a particular university.. .Incorrect answers would prompt users to send a suggestion to 
the friend based on the user’s response, with the goal being to correct inaccuracies on user 
profiles. Our initial feedback is that this flow suggests that we are trying to trick users into 
providing data about their friends, but legal and PR have signed off on this.” 

FB-00059271 - Jan 2014, at 73, FB employee writes “The three files attached are. 1. 
Consolidated Onavo List - simple list of the apps across the three regions. All data is hard coded 
and sortable. 2. Onavo Data (US Final) - working US file, sortable final list allows scoring and # 
of apps to be adjusted. 3. Onavo Data (inti) - similar to #2 but for International.” WHERE ARE 
THESE ATTACHMENTS? 


FB-00174869 - F8 2015 briefing book March 2015 - On 70, “Facebook Family of Apps. 
Facebook used to be just one blue app on your phone. If you wanted to share a piece of content 
with friends, this was often your first choice as no other apps had reached Facebook’s scale. 
Now, Facebook is a family of apps. Around 1.4 billion people use our core service each month, 
but there are also 700 million people using Groups and WhatsApp. 600 million people use 
Messenger and Instagram has 300 million monthly actives. The reason we’re building out the 
Facebook family is to give people more options for connecting.” 


|b -00281983 - Oct 2013 announcing Onavo acquisition “It gives us good insight into what’s 
going on in the market, both with Facebook apps and other apps. Onavo will allow us to do this 
because they have built a set of products that give consumers value by either compressing data 
and using less of it or giving them analytics on how they use their own data. Those tools are 
technically sophisticated in how they have been built and very useful for our Internet.org goals of 
reducing the amount of data that people have to consume overall. The Onavo team is a great fit 
with ours, and Mark thinks this will be really valuable to our company.” THIS IS THE SETUP 


BEFEORE THE WHATSAPP CHART FROM OLIVAN USING ONAVO DATA. DID FB 
EVER USE ONAVO DATA TO TRACK COMPETITORS’ APPS? 


FB-00790902 - Onavo app being integrated into Facebook Platform with no call throttling. 

FB-00725983 - March 2014 Kevin Prior FB employee wants to publish some Onavo data on app 
analytics. “We could also position the post so it’s almost like a guest blog from “the Onavo 
team” rather than us, so it still seems like its still operating as its own entity and that 
Facebook data and Onavo data aren’t becoming commingled.” FB PR Tera Randall and 
Eliza Kern seem ok with this. Kevin then follows up that he “chatted with Calvin from Onavo 
and looks like this has turned into a non-starter.” 





FB-00807301 - December 2013 Cross task with Master Table of all apps impacted by PS12N 
deprecations. “There will be a lot of developers affected by deprecations and privatization of 
APIs with PS12N. This task specifically focuses on the APIs that are moving from public to 
private/deprecated.” Estimates 5,000 apps affected by deprecation and privatization of APIs. 06 
- reaching out to apps who are friends with Mark and apps who will be “noisy”. 08 - in ranking 
developers for outreach and whitelisting, Raquel Munoz writes that “developers who are friends 
of Mark rank higher, as well as apps that generate TPV.” Cross responds: “does ad spend include 
Neko?” Munoz responds “Ad spend AFAIK doesn’t include Neko, I didn’t include Neko on my 
criteria but now that you’ve brought it up it might be a good idea since I’m already prioritizing 
by mobile apps over other platforms. I would use this table to include the Neko spend [includes 
URL] but it first needs to be migrated to the platfonn namespace. We would also need to include 
the average Neko spend over 30d rather than the single daily value. Does that sound right?” This 
document is also marked highly confidential without any legitimate basis under the requirements 
for a highly confidential designation under the Protective Order. 

FB-01264108 - Feb 2012 email between Caughan Smith and Chris Daniels with Vernal treating 
Microsoft Windows as a first party app so it can access friend data even from people who block 
platform access to their info. 


FB-01339851-54 - M team discussion of Autopilot launch March 2015 where Facebook changes 
privacy model for users to set their privacy by default rather than having it be sticky with each 
post. 


FB -01348492-501 - December 2014 task where custom audience tools leaks private data 
enabling an app to see the users of its competitors, but FB decided to build it in a way that “leads 
to privacy and targeting leaks”. “In the attached screenshot, you can see our upload of 8.5 
million user ids filtered down to the 112,200 people who have also played Plants vs. Zombies. 
Valuable to us but definitely not something that was intended for us to be able to do.” Also able 
to get list of users part of same Facebook group even if privacy settings prevent it. “We 
deliberately not lock down the app ID after Leon Cho did some extensive study which involved 
different stakeholders in the decision making process.” Was Javi a stakeholder? “It looks like we 
fixed a behavior where you could try to identify whether an individual was using an app.” 
Marked highly confidential without basis. 


LB-01348552-58 - Unilever dove app seeking exception or extension of timeline in June 2014. 


FB-01348608-10 - May 2014 discussing pennissions denied in Login Review. On 10, shows 
rejection rate of permissions (100% rejecting read_friendslist because developers believe it gates 
access to friends permissions). 62% rejection rate of user photos because FB doesn’t see utility. 


|b -01348636 April 2014 Hendrix note. “We do have a change in our approach to 
enforcement.... Additional background on enforcement: When we first launched this policy, Bret 








Taylor did not want us to enforce it because people had control over what they shared and we 
didn’t have insight into a developer’s roadmap for building new features into the app. A few 
years ago we got XFN approval to be stricter in our approach , and to begin enforcing where the 
developer wasn’t making clear use of the data he/she was requesting. This was reactive, 
however, so with Unified we improve our enforcement by proactively reviewing these apps for 
compliance before they get access to the permission.” They never announced this XFN approval 
to be stricter with their approach. 

FB-01348663 - April 2014 discussion of unified login review. 65 shows new interpretation of 
II. 1 only take data that improves a person’s experience in app. 66 shows Tinder being accepted 
with GroupOn being rejected because not using personalized info in app. 

FB-01348784 - Hendrix circulates in Feb 2013 new platfonn policies. 85 still references 
building rich social experiences, building a business, reaching a massive audience, realizing 
significant growth. Continues to conceal decision and induce developers. 89, “13. Don’t use a 
person’s friend list outside your app”. Already had policy prohibiting this concern of graph 
leakage. 86,, “II.2. Reciprocity: Facebook APIs enables developers to build personalized or 
social experiences, you must also enable people to easily share their actions and content back to 
Facebook.” 92, “4. We give you all rights necessary to use the code, APIs, or tools you receive 
from us. Don’t sell, transfer, or sublicense our code, APIs, or tools to anyone without our prior 
permission.” Marked highly confidential. 95, discussion of the fact that the enforcement they 
took against Apple would be permitted under these policies. FB-01348799 related string. Starting 
at 801 shows new versus old policies in full. FB-01348834 - “On 1.10, Love the split. Are we 
planning on getting more specific that for reciprocity, Vernal wants both a) the ability for people 
to share from the app, and b) the ability for us to suck data from the app via timeline?” 

FB-01348846 - email from attorney that says is protected by attorney-client privilege. 

FB-01348853 - email sharing deck on Platform/Risk Ops, grow great ad platfonn, align 
developers, etc. March 2012. Deck starts at 55. 

FB-01348885 - Sept 2014 email regarding Privacy Checkup feature with Paddy Underwood, 
Federov, Liu, O’Neil and others. “We asked about trust and satisfaction with Facebook and with 
privacy overall. Neither were negative, both were flat.... We didn’t get any feedback around 
people feeling overwhelmed by their apps or any confusion around app privacy controls. People 
just found it helpful to review their apps.” 

FB-01348905 - discussion with Apple in May 2012 about getting legal approval for apple 
white list for flipboard and other apps FB trusts. 

FB-01348995 - Sukhar O’Neil Feb 2014 setting up mtg to brief Colin Stretch so FB can take 
advantage of the beneficial public policy outcomes of PS12N announcement. 

FB-01349007 - Aug 2014 email chain finding apps that don’t ask for publish permissions but are 
recognizable. “Reason I’m asking is that we’re anticipating some sensitivities around people 
seeing apps in the privacy checkup that they never gave publish permissions to and not 


understanding what the audience selector next to them controls, or even worse thinking 
Facebook gave publish permissions to the apps anyway. If we have some directional sense that 
say only 5-10% of people’s apps have publish permissions than that would have really different 
implications for our communications plans than say if 85% don’t have them.” Is this reciprocity 
enforcement in Aug 2014? 


FB -00013982 - Presentation on F8 2014 Login and announcement about developer and user 
trust, showing competitors, possible competitors, aligned (Tinder) and partner (Apple) (FB- 
00014011). Shows permissions being deprecated widely used. 


FB -00085371 - Starting on 79, article announcing in June 2014 that Facebook now has an 
optional feature to turn on your microphone and listen in to your background noise. 


FB-00085430 - June 2014 Scutari privacy email update. On 33, notes that Rob Sherman briefed 
FTC on “People First improvements” and the “briefing overall went well - in particular, no red 
flags for OB A launch”. 


FB-00085589 - privacy report on minors discussed on 90 all measures taken to ensure privacy of 
children. 


FB-00085794 - May 2014 discussing privacy coverage as “turning over a new leaf’ for 
Facebook and showing its commitment to user privacy. Key quotes from reporters on FB’s 
renewed focus on privacy and people first message. 


FB-00085864 - May 2014 discussing FT article on privacy policy change. Sherman writes that 
EFF told him as “long as we use the privacy dinosaur they’re happy ©” 


FB -00086202 - May 2014, summarizing FTC relationship and meeting with Jessica Rich and 
Dan Kaufman, who oversee Bureau of Consumer Protection. Notes two issues tainting the 
positive relationship, one is a reminder of their obligation to protect user privacy after the 
WhatsApp acquisition. “This was a highly unusual move, both because it was preemptive (before 
the acquisition closed) and because it was an external communication rather than a private phone 

call.We are eager to return to a more consistently productive relationship with the FTC.” On 

04, “We felt that it was counter-productive to send a letter that negatively impacts our business, 
even though there is no reason to believe that we are doing anything wrong.” Marked highly 
confidential. 


FB-00087000 - Great EU report from March 2014 on intersection of competition, user privacy 
and big data. Marked highly confidential. 


■ -00089687 - Sherman discussing in Dec 2013 use of robots.txt to prevent internet archive 
from crawling site. Assures EFF rep that the sections for data use policy and SRR is not being 
restricted by robots.txt. Kurt Opsahl kurt@eff.org . Kurt notes that EFF made a request for 
Facebook to stop blocking the Internet Archive from storing prior SRR versions and Facebook 
policies/representations. 
















FB-00090921 - August 2013 report from Stephanie Cutter’s firm Precision Strategies on how 
Facebook needs to position its privacy language to build trust. Notes Google perceived to be 
better on privacy and creates opportunity for FB to show how FB gives users control over their 
privacy. Marked highly confidential. 

FB-00091838 - summary of difft companies’ privacy settings for location tracking 

FB-00092170 - May 2013 App economy paper where Purdy writes that “all categories of 
developers continue to build with Facebook (fitness, books, music, games, etc.) with over 10 
million apps and websites integrated with Facebook.” 


FB-00092738 - privacy cross function deck from April 2013 that, among other things, discusses 
using Onavo data at Facebook. 


FB -00093352 - March 2013 email from Rob Sherman describing existing privacy settings: “You 
can choose what info your friends can bring them with you to the apps you use. You can also 
turn off Platform entirely, which blocks any app from getting access to your private info. But you 
can’t whitelist specific apps for your friends to be able to use or blacklist apps they can’t use 
(which we thi nk would be confusing and not necessary given our other controls).” Describes 
article uncovering that apps on Platform are violating user privacy and FB not doing anything 
about it. 


FB-00097302 - summary of wide range of privacy issues 


FB-00099896 - privacy controls document by sam lessin regarding contextual privacy controls 
being rolled out end of 2012. 


FB -00101082 - US Privacy update, on 87 covers 2011 FTC settlement. “When users share 
information with a particular audience on Facebook, they should be confident that the 
information will not be shared more broadly than they intended. That’s a principle we have 
always adhered to and one we will continue to embrace going forward.” Denies breaching 
privacy, denies instances in which it overrode a user’s initial privacy settings. (90) 


■ -00115310 - June 2014 presentation on developer sentiment and focus group showing 
satisfaction declined since they announced changes and 60% or more of developers are unhappy. 
Quotes detractors’ issues with changes. Marked highly confidential with no basis. 


FB-00134222 - March 2014 Cross note explaining that the team is focused “on our first big 
milestone of 3/14 as the first time we should be able to test PS12n/Login v4 all up as a single 
stack. This will show us clearly the work left to do in the remaining 6 weeks to knit the suite of 
things we’re launching together into a coherent product.” “Stephen worked on ensuring we only 
emit app-friends via vl Graph API and vl FQL. This is complex as there are lots of 
Capabilities/Gks which expose more than the full friendlist, and these had to work in the new 
model too.” 


FB-00142713 - who is the custodian here? No one we know on the email. 











FB-00175079 - “Great cnet story” March 23, 2015 “Facebook to Developers: Please Friend Us” 
- FB new message to developers - “Work with us”. FB-00175185 - Tera Randall writes “The 
power of primers. Nice work Eliza!” Facebook controlling the news cycle by feeding reporters. 
FB-00178791 - More positive privacy coverage from April 30, 2014. “the privacy advocates and 
analysts we pre-briefed provided strong quotes to press. The number one newswire in Germany 
ran the headline: ‘Facebook gives users more control over the sharing of data’”. 

FB-00187292 - Mark commenting on his f8 2014 speech to his speechwriter, Dex, giving him an 
updated outline. 

FB-00187579 - discussing adding to Mark’s f8 2014 speech announcement of fbstart giving 
away $10,000 in tools and services to startups who develop on FB platfonn. Decide to include in 
line’s section. 


FB-00188194 - April 15, 2014 Jonny Thaw notes “He doesn’t mention that we’ll be reviewing 
apps”. “He doesn’t mention that apps will no longer get people’s full friend lists”. 


FB -00263378 - Hinge CEO proposal to FB on Graph API changes preventing them from 
entering new markets as they will be “severely affected”. Proposed whitelisting Hinge. Shows 
difference between established company/market versus new entrant in terms of impact on app. 
Oct 2014 proposal at FB-00763370. Shows impact of Graph API 2.0 on Hinge. 


FB-00267465 - document defining all v2.0 permissions 


FB-00283510 - PS12N Overview doc internal. 


FB-00449203 - Permissions v3 Overview marked highly confidential. Says “top 2 DSAT drivers 
are “Greater control over what personal information the app can access via Facebook” 70% of 
users. Blames FB’s current auth experiences. 

FB-00454251 - example of “fully deprecate (not privatize)” in a task showing that deprecate 
could mean either remove, privatize or what. 

FB-00482094 - April 1, 2014 task “PS12N Privatizations” ensure manage_friendlists perm 
includes non-app friends. Shows that they whitelisted full friends list. 


FB-00492545 - MZ summary of discussion with Drew Houston at Dropbox, employee follows 
up that they’ll need to set privacy in the API to make the dropbox integration work if they end up 
doing it. More evidence they didn’t permit privacy setting in API? 


FB-00496333 - Platfonn Trust HI 2013 December 2012. Marked highly confidential. 34, 62% 
of users want “greater control over personal info apps can access”. 61% want “greater control 
over what apps publish to Facebook”. 43, shows that these stats apply to apps you are 
downloading. Totally different from apps you haven’t downloaded or don’t plan to download. 










FB-00511877 - Oct 2011 Swain complains about lack of photo privacy controls. 


FB-00516204 - Dec 2012 Purdy O’Neil TR Bao Vernal Federov testing new login v4 as early as 
Dec 2012!!! They held it back for almost 2 years. Bao says friends photos is a top 10 most 
popular permission. Purdy asks for the login tool to check to see if an app is whitelisted before it 
denies read and write permissions before user sees the dialogue. 


FB -00516998 - Aug 2013 Lacker: “Giving out private API access annoys everyone else when 
they see some app that competes with them doing something they can’t do. I would rather we do 
that as little as possible, and in a way where being friends with someone in Platform does not 
help you.” Purdy discusses the four different APIs (FB, Partner, Platform Core, Platform 
Experimental). 


FB-00516998 - Purdy states on 99 that Dick Hardt can’t access an API in Aug 2013 because it 
isn’t part of Platfonn Core. Enforcing Platform Core 8 months before they announce it. 


FB-00095047 - Feb 2013 Sherman Egan and Isserlis discuss Feb 5 2013 article by Doug 
MacMillan in Bloomberg “Facebook is Said to Create Mobile Location Tracking App” showing 
that FB will track users all the time, even when app is in background. 


FB-00084224 - Aug 6, 2014 article on FB Messenger app tracking call log, text log, recording 
microphone, etc. 


FB-00086852 - April 2014 email from Matt Scutari where on 52 he describes that ’’The privacy 
XFN team has approved expanded use of Android read SMS permission to collect subscriber 
account information (e.g., data usage, account balance) from certain SMS messages sent from 
carriers to their opted-in subscribers. The information we collect will be used to facilitate zero¬ 
rated Facebook promotions in the following markets: Philippines, Indonesia, Paraguay, 
Tanzania, Brazil, and Thailand. 


FB -00089868 - On 70, November 21, 2013, Scott Bratsman responsible for releasing new FB4A 
android permissions that include “change wifi state” “modify audio settings, bluetooth” “read 
and write calendar” “read profile” “read_SMS”. 


FB-00259042 - Task between Flendrix and Scutari for “Can target users of opponents apps”. 
Loophole in FB that lets competitors see each others users and target them for ads. 


■ -00619271 - July 2014 privacy update discussing Moments on 73/74. Automatically accesses 
camera roll and does facial recognition on it. Policy wants that to be opt-in that involves explicit 
consent for new features. Did that happen? 


FB-00778436 - June 2014 Scutari email stating that “Mark has given us the green light” on 
updating the Privacy Center. Also states that “Following Friday’s meeting with Mark, we have 
decided not to make any changes to the Facebook-to-Messenger sharing model at this time.” It 
also says that humans are reviewing the content of Facebook messages (“Human Review of 
Messenger Content. The policy team has provided a list of risk mitigating measures to address 

















privacy concerns around human review of messenger content for product development purposes. 
The XFN team is reviewing and finalizing the approach and Comms will be developing reactive 
messaging.”). It also says they are finding new ways to use “read SMS” data: “Read SMS and 
Read Call Logs In Messenger. We continue to work with the XFN team on a Messenger team 
proposal tos tart using the read SMS and read call logs permissions in new ways. The current 
plan is to gather test data from peole who choose to join an opt-in beta program.” 

FB-00627949 - privacy launch calendar from Aug 2012 discusses change to way friend list is 
given (instead of alphabetically, friends are returned in ra nk order). Privacy concerned that this 
shares non-public info about frequency of communications with friends, etc. Also on 51 shows a 
special relationship with Bing to always access friends photos on Bing. Also change to 
distinguish between explicit and implicit actions in OG. 

FB-00839049 - November 2013 privacy email where researcher calls out Facebook for ignoring 
friend list privacy settings for PYMK feature. Comms employee seeks an answer as to how the 
researcher is right about this. On 60, “No idea how this will play out, but wanted to let you know 
in case it blows up. (I’m hoping we already have some stuff prepared since this isn’t the first 
time I’ve sent a heads-up about hidden friend list issues. ©” Another FB employee then writes: 
“Heads-up on this - if this does indeed blow up, it may be something we need to Humanize. 
Jessie, do we have anything already baked on how Friends List privacy works and why we 
don’t enable true privacy for that info?” Another employee then writes: “I don’t kn ow all the 
details regarding what goes into PYMK / suggested friends. I’m not positive what signals go into 
this and how the weighting works; best to send to Growth team and find out.” Austin Haugen, 
Ziqing Mao and Adriel Frederick are identified as the growth team employees who work on this. 
Josh Smith then sends an “Attorney Client Privileged” email where he says they just tried it 
themselves and the researcher is correct. He then says that FB’s current position is that privacy 
only holds on your timeline and not in other places. Sherman chimes in: “My concern is that if 
we hold fast to the ‘friend list visibility applies only on timeline’ position and this blows up, it 
could have consequences not only for this particular setting but more broadly for our ability to 
limit the scope of timeline visibility controls, at a time when identity feels strongly about 
displaying content covered by a visibility control on surfaces outside timeline.” They find out 
that 2.5% of friend connections both sides have “only me” set to friend lists. Austin Haugen 
identifies that the problem is that PYMK is still showing these connections even though both 
friends have “only me”. He proposes introducing randomness into PYMK so the users “aren’t 
guaranteed to be friends”. 

FB-00085722 - May 2014 privacy email where on 24 they say working to relax policy on nudity 
on instagram. 

FB-00092108 - Aug 2013, on 11, Purdy writes “Our goal is and has always been to give people 
a convenient way to login to apps, create personalized and social experiences, and let people 
share the things they care about through the apps they use.” On 10, blogger Andrew Chen wrote 
a blog, why developers are leaving the facebook platform, and one of the reasons was “We 
sometimes block apps that compete with us”. 




FB-00095711 - Jan 2013 update where on 11, “Platform Policy Reciprocity Update: We 


updated our Platform Policies to clarify that developers (a) must enable people to share 
back on Facebook and (b) may not use Platform for products that replicate core Facebook 
products or services without our permission. Here is the blog post announcing and 
explaining the new terms.” 
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FB -00109950 - Aug 2012 recap of neko privacy meeting stating that they will “launch an 
approach that eliminates many of the most controversial use scenarios for this data”. Including 
an iOS mobile measurement solution for Neko codenamed Wilde. What were the controversial 
use scenarios and which were implemented? On 52, “Data Collection on Android....the Growth 
team wants to begin collecting certain limited information about whether users have a non- 
Google app store enabled and which default applications they are using for certain 
Facebook functions (camera, messages, etc.) for competitive analysis and product 
improvement purposes.” 


FB-00623591 - March 2013 discuss privacy messaging in announcement of Facebook Home. 
MZ writes on 92 showing he is directly involved in messaging and drafting. 


FB-00084336 - on 339, “Argus Targeting”. “The team that has been working with Argus to 
conduct aggregate measurement based on credit card transactions is interested in exporting 
individual transaction data from Argus into Facebook for use in optimizing ad delivery.” 


FB-00084752 - July 2014 email from Sherman showing that FB had policies to protect against 
graph stealers, etc. 




















FB-00085705 - May 2014 Sherman email: “Speech Recognition: Matt continues to discuss 
potential risk mitigation steps for supervised learning with Mick Johnson and his team. The XFN 
team plans to reconvene to finalize the product team’s proposed approach next week and we will 
update the team then.” 

FB-00086138 - May 2014 Erin Egan email saying “Sheryl has asked me to join a meeting on 
Monday with Cox to discuss product ideas that would improve user trust. All ideas welcome!” 

FB-00089676 - Dec 2013 Sherman email on Lulu, violating policy of putting FB at legal risk, no 
longer access friend data. They will use this in privacy defense. FB-00089864 - Nov 2013 
Sherman email where he defends Lulu’s use of Platform. Also distinguishes Lulu from 643 
because the issue is women sharing personal details of men with other women without their 
permission. Not about data they get from FB. 


FB-00089881 - Nov 2013 Scutari “Matt is providing policy feedback on Mark Z. request 
that Product explore the possibility of making the Only Me audience setting unsticky.” 


00091715 - Sherman email to Schrage and Egan June 2013, different options after meeting 
with Sheryl regarding how FB collects location data in order to determine city you live in. 
Debating whether to delete the data they collected when they weren’t asking users expressly to 
give this data. Discuss conservative versus aggressive approaches and notes: “The infrastructure 
team has built technology that allows us to infer information, including users’ cities, from other 
data that we have, without users specifically agreeing to provide us this data. They have already 
announced this at a conference (but they’re not doing it on live data yet), and they want this 
week to announce it in a blog post and outreach to media. Marcy Lynn found out about this and 
(appropriately) raised concerns about the privacy implications of this kind of an announcement. 
We’re meeting tomorrow morning to discuss how we want to approach the comms aspect of this, 
but our strong recommendation is that we hold off on any further publicity relating to this....” 
FB-00091834 Sherman discusses collecting information on whether Google lets you see location 
data it collected for MZ to review (project Aura is location project). 


FB-00092488 - Sherman April 2013 email to Rainey Reitman at EFF regarding Independent 
FTC Assessment showing that the accounting firm said FB’s privacy program is working as 
intended. 





FB-01354294- Word document detailing buckets of permissions, friends* is on kill list 
No date 

FB-01353003- Vemal’s list of permission Friends* is on kill list/partner 
August 23, 2013 

FB-01353831- Apple’s Service Agreement 

FB-01356780- Eddie is attaching a deck on the list of apps affected by API(FB-01356781) 
January 27, 2014 

FB-01353040- Discussion around the alignment of competitor and the different types of 
competitor (now, in the future, alignment) 

October 15, 2013 

FB-01355841- Discussion of who is considered a competitor and who is not, wechat and 
Pinterest, and Tinder are questioned 
December 2, 2013 

FB-01390441- Discussion regarding ARK and if they should be a competitor or not (based on 
size) 

April 29, 2012 

FB-01366529- Discussion on different types of apps and how many there are and the 
recommendation. Photosharing is mentioned and it is said that removing access will change how 
it works but they are recommending removing anyway 
September 9, 2013 

FB-01351582 - Discussion with Mark on if ARK should be allowed to continue using API 
May 8, 2012 

FB-01353625 - Partner manager in London is upset over changes because he feels it will hurt 
devs and FB will just whitelist all their friends, discussing how to change his mind 
Oct 22, 2013 

FB-01356229- Timeline of announcing API changes, including the breaking friends_ (dates 
referenced November 1 2013, April 1 2014) 

No date 


FB-01351380 - Cross email May 2016 showing that only 45 million API calls per day were 
being made to v2.0 two weeks after announcement. 55% of calls coming from two apps, 
YoWorld and Monster Busters. No one adopting immediately. 



FB-01351386 - April 20, 2014 email Cross stating they landed on a plan to do part-privatization 
of the Events API. Create event will be privatized. 


FB -01351399 - Dec 2012 discussion with Purdy, Hendrix, Lessin, Osofsky, Vernal regarding 
shutting down Singly. Hendrix notes they aren’t violating policies because they are in fact 
helping the developer operate. Purdy says: “The key thing we care about is increasing the sharing 
to our platform, so even if we get abstracted from the direct interface, as long as they write to us 
too, I think it is ok at a small scale. If one of these folks starts reaching critical mass, I think we 
can revisit. Net: I lose zero sleep about this now and doubt anyone gets big enough to matter.” 
Venral chimes in to tell Hendrix to stop them from doing it because they shouldn’t wrap 
Facebook, Twitter, etc., into a single API. Purdy pushes back: “I feel strongly about an 
ecosystem of 3 ld party devs that make it easy to use FB data and post to us, as long as they and 
their clients operate in our policies.... I would be ok clarifying our policies here (if it made 
sense) as part of P3.0.” Fessin: “Only one other thing I would offer here... I actually thi nk we 
have a real problem with people offering generic ‘read’ from our graph (where a generic write 
interface seems much less bad to me) - our fundamental problem is that the loops / value 
exchange of read and write are very different, and I am really worried about the read (as I always 
am).” Hendrix then responds that they are going to announce with P3.0 in early 2013 and NOT 
reach out to Singly until then. They will either shut Singly down or bring them into compliance. 
Vernal says “I could see launching the policy now or with platfonn 3.0, and I could enforcing 
now, or with platfonn 3.0”. 


FB-01351517 - Task started August 25, 2011 and closed on June 29, 2012 where sharing doesn’t 
work for third party developers but does work for Facebook’s own apps. Matt Trainer writes on 
23: “It’s long overdue and we’re losing our ability to assure clients that API posts are equivalent 
to UI posts.” Jason Starr writes on 26: “We urgently need to fix this. It makes our integrations 
inferior to native and lowers engagement.” Ben Hiller responds: “Something can’t be unbreak 
now if it was never working to begin with?” Trainer on 26-27: “How about hi-pri then? 
Facebook is about to launch a bunch of features that compete with 3 rd party tools (post 
scheduling, admin permission levels, posting via Power Editor) and if we continue to gimp 
the API then we’ll be seen as intentionally burying the ecosystem to make way for our own 
products. Pretty nasty stuff.” Brian Wald then chimes in on 27: “Hi, any update on this? We 
had a big Amazon.com exec meeting this week and this issue was brought up. In addition to 
reducing shares amongst users, Amazon.com Pages aren’t able to share each other’s posts 
(amazon has a portfolio of over 40 pages on FB). Ie, Amazon.com Page goes to the Amazon 
MP3 Page and wants to share one of their posts. In native functionality Amazon.com Page could 
simply click the Share link on the Amazon MP3 post. However since Amazon MP3 uses the 
API, no Share link is displayed on their timeline post.” 


FB-01351582 - May 2012 Ark.com discussion with Zuckerberg, Vernal, Fessin, Purdy, Rose, 
Taylor. Zuckerberg writes: “One huge concern I have is that they have no way of knowing which 
info they pull in from a person’s friends is just supposed to be visible to that person’s friends as 
opposed to everyone in the world. That means they’re likely violating people’s privacy.” Fessin: 
“Just so we are clear here... Given the way our platform works right now, and what it means for 
them to have platform access they are not technically violating privacy if they show any of the 
profile fields more broadly then they are available on FB (someone correct me if I am wrong 








here).” Discuss buying ark.com - find out the founder isn’t trustworthy. Decide to shut down 
their access. Identify a number of policies ark.com has violated. 

FB-01351611 - April 15, 2014 internal discussion onNetflix’s heartburn over PS12N. Give 
them advance notice of changes and clued in to what they’re announcing on April 30, 2014. 

FB-01351632 - Aug 2013 email from Koumouzelis to O’Neil, Sukhar, Lee, Purdy attaching 
Platform 3.0 plan. On 33, “Developer messaging (TBD) will frame platform 3.0 as a focus on 
user trust....” 


FB-01351652 - August 2013 discussion between Sukhar, Purdy, Lacker, O’Neil, Koumouzelis, 
Lee, Himel, Spehar, Bao about Platform 3.0 plan. Purdy writes on 56: “On the same thread with 
Mike, we discussed the need to pull some element of Login into this.” Gupta: “Friends.get: I still 
don’t really understand the strong motivation for restricting this given the amount of complexity 
this brings with the other API we are building, and the fact that we can blacklist apps wherever 
we risk leaking the graph.” 


FB-01351660 - Aug 2013 thread where Bao asks “kill v. deprecate,” implying deprecate does 
not mean remove. 


FB-01351736 - Oct 2013 task to check with the growth team whether the platfonn team can 
give out last initial for untosed users in a third party ID. 


FB-01351769 - Oct 2013 chat between O’Neil and Sukhar. “Why doesn’t the Social Context 
API return the same thing as the invites one? I still feel like regular friends is the right 
approach.” Attachment at 70 shows the type of app as “Potential Competitor” “Aligned” or 
“Partner”. Potential competitors can’t get access to Invites, Tagging or Social Context APIs. 
Potential Competitors are Dropbox, Path, Evernote, Twitter, Pinterest. Aligned are “Games, 
Commerce, NYtimes, Spotify, Tinder”. Partner “as per contract”. 


FB-01351804 - Purdy, Sukhar, Vernal, O’Neil, Federov discussion Sept 2013 discussing killing 
the different APIs. O’Neil writes: “5/ photos: Rose isn’t thinking about API now - focused on 
composer / sync features in the next year. Think her gut would say it’s fine if API goes away, 

but Mark did call photos out explicitly.” 


FB-01351861 - Oct 2013 chat with Sukhar and O’Neil. O’Neil: “which change[s] do you 
perceive as most fuck-ing to developers? ©” Sukhar: “Third party IDs because they are 
impossible to explain to a dev why were doing it” O’Neil: “Because they need to change 
their DBs? Or because it may be harder to do X-app promotion?” Sukhar: “Because they 
need to do anything but yes cross app promotion is obviously huge in games as is coherent 
ltv comparisons etc. they will just collect emails and dedup.” O’Neil: “outside of change, 
any concerns wrt non-app friends and removing friend * permissions?” Sukhar: “I think 
we should just rewind and figure out if we’re solving a problem that matters. What real 
graph protection do we get? Not much.” O’Neil: “yeah, this is why I was trying to backup 
to first-principles w/ Javi... ©” Sukhar: “My concern is that there is no fundamental 
guiding motivation here and I’m still not sure who is driving it. It’s not Javi from what I 











can tell.” O’Neil: “In my mind, the motivation is making it more difficult to build hi- 
fidelity profiles of users for the purpose of advertising.” Sukhar: “Well that’s the first time 
I’ve heard said motivation”. O’Neil: “Growth (Javi) has two technical concerns: 1/don’t let 
apps grow w/o FB 2/make it difficult to reassemble disparate graphs, which I believe is 
related to two concerns: 2.1/creating off-FB advertising profiles 2.2/graph assembly by 
apps that pose a strategic threat - e.g. messaging apps. Sam’s concern is mostly leaking 
data (profile data + graph connections) to partners without getting something in return - 
e.g. reciprocal data or an ownership stake. The point of talking to Javi this week wasn’t to 
make a plan but to understand the advertising and growth concerns, especially wrt a single 
partner growing their apps.” Sukhar: “What doesn’t make sense if how third party ids 
solve all these problems. Sam prefers we just not have an open platform.” O’Neil: “My 
interpretation of Sam’s preferred platform models (in order): 1/a closed platform with per- 
app contracts 2/an open platform where apps only get app-friends and optionally a 
contract that govern use of non-app friends or other info Ex: Tinder signs a contract to 
access non-app friends in exchange for a stake, for data, etc 3/app friends + non-app 
friends w/ 3 rd party IDs [proposed model]. He’s not thrilled with this but said it’s better 
than where we are today and isn’t the biggest strategic issue we need to solve. 4/all friends 
w/ real IDs [all of #l-#3 remove friend * permissions] On friend *: yeah, they’re super 
powerful since 1 TOS can net an app detailed info about 400+ people.” Sukhar says that he 
prefers #2 to #3 and thinks Javi does too. Why don’t they do 2? O’Neil writes that #2 would 
break apps like Tinder without a process for them to sign a contract and that Federov thinks “it is 
too disruptive for the developer community and wants to slowly wean the ecosystem off of non- 
app friends”. Sukhar: “Well perhaps the whole endeavor is flawed. Javi is perfectly happy with 
an enforcement-only plan. The details are obviously not there yet but it’s an option.” Sukhar then 
asks why they don’t just split up games and all other apps and make the distinction clear. O’Neil 
responds: “It doesn’t solve for Doug’s “competitive future” category since there will be another 
Zynga.” Sukhar: “How does the proposal solve for it?” O’Neil: “It doesn’t - because we’re 
basically giving Games the keys to the kingdom to support MFS and X-app promotion.” 

FB-01351974 - Feb 2014 “Both Zuck and Cox both bring it up” removing sharing implicit 
actions to newsfeed. Developers can still post implicit actions, but they won’t show up in 
newsfeed, only for FB’s benefit, like on timeline, search, etc. 

FB-01351990 - Koumouzelis email to Purdy O'Neil Sukhar Sept 2013 showing PS12N as being 
motivated entirely by providing the best platform for developers to avoid the frequency of 
changes and lack of stability. 


FB-01352115 - This is attached to email FB-01352114 Jan 2014 "slides for mark". O'Neil sends 
to Vernal, Purdy, Sukhar, etc. Best PS12N deck yet, most detailed. "Limit data available tc 
apps" we in order to "Protect the graph" (17). List of "API Privatizations" "available via 
whitelist/contract" includes "friend list management". "API deprecations includes "friend 
data [likes, photos, checkins, etc.]". List of affected apps at 27k? (20). 22 shows "Key apps" 
"Marks' friends 31 76% request read_stream" "Sheryl's friends 66 62% request read_stream" 
"Neko spenders 831 59% request read_stream" "noisey 23 82% request readstream” 
“T0/T1 partners 160 77% request read stream”. These apps are “All on a list for pr 
launch outreach.” 23 shows it will be “more difficult to grow Lulu, Circle, Klout, 










BranchOut, etc.” On 25, “Affected Apps” means it will be “difficult / impossible to build 
[without contract]”. That it will be “Hard to grow: messaging apps, contact sync apps, 
horoscope apps, birthday notififiers, gifting apps, Lulu, Klout, Branchout, etc. Good apps: 
Venmo”. Still describes login v4 and psl2n announcements as 6-8 weeks apart (31). On 32, 
Questions “Acceptable to deprecate feed given broad impact? Acceptable to make medium- 
term trade of Trust for Games?” On 36, Non-game apps / non-canvas games “Apps limited 
to reading app friends...Review [very high bar] access to non-app friends. Venmo: yes. 
Lulu, Circle, Branchout: no.” On 39, massive increase in the number of bugs in the backlog 
from Oct 2013 to Jan 2014. API bugs increase 28%, Platform UI bugs increase 43%, 
devsite content increases 55%. On 42, “Heavyweight review for high-value data [ex: 
photos]. On 43, shows some popular apps and how they use friends data. On 44, detailed 
analysis of high-value permissions being privatized and their usage. 41,191 apps requesting 
high value permissions, 54% are games, 1% are partners, 0.4% are PMDs. Shows 13,350 
apps using friends *; 6,304 using read friendlists, etc. 45 on NAF is redacted due to source 
code. 49 covers issues 1. Complexity of migrating to opaque IDs 2. Perception of omitting 
NAF from me/friends. On 50, “New constraints. 4. Contract required to read NAF”. 

FB-01352155 - O’Neil Koumouzelis Lee Sukhar email Feb 2014. O’Neil: “I’d like to 
privatize the Games / Events APIs - but privatization != kill / deprecate. Privatized APIs 
are still available to specific partners but aren’t available publicly. Deprecated (aka: killed) 
APIs will be available for 6-12 months while partners transition off of them. Would be 
great to do this in time for Login v4.” 

FB-01352160 - Starting on 62, O’Neil Larkin Sukhar Jan 2014 discuss F8 timing. Larkin: 

“We’re planning to host a dev event on April 30 th (name still TBD). We want to put 6-8 weeks 
between the PS12N announcement and the event, so it doesn’t pollute the event. That said, we 
know people are going be thinking about this, so we’re planning to have some content to help for 
the impacted folks grok the changes and integrate login v4.” Ask Sukhar about this. They are 
having trouble figuring out how to time the bad news. 


FB-01352203 - Feb 2014 task for letting Platform developers use the mentions API. Debate for 
over a year while partner managers beg Platform engineers for this feature and platform 
engineers push back that they aren’t going to let developers do what Facebook can do in its own 
apps. 


FB -01352216 - on 18 TR writes “Want to make sure we’re all on the same page wrt what “login 
v4” means, since it has also been overloaded as an uber tenn for all psl2n work”. 


FB-01352229 - March 31, 2014 O’Neil Sukhar email string. O’Neil on 30: “In a major change 
from last week, we’re going to start telling partners about Login v4 in significantly more 
detail. Goal is to have most (all?) partners in the room be aware of the changes we’re 
making at F8. I’ll be meeting with many of those partners directly in the next 2 weeks to 
understand how they react.” Sukhar: “Why the change on telling partners? Does more detail 
mean everything about psl2n?” O’Neil: “We talked about this in the Friday review with Mike 
- he agreed and asked us to look at a plan that would let all partners know /before/ F8 about the 
















nature of these changes. We’re even looking at a planned leak of this and discussing with 
Tera / Jony this morning. Let me kn ow if you want to join us.” 


FB-01352505 - March 20, 2014 Sukhar O’Neil discuss early draft of MZ F8 keynote based on 
meeting with MZ and Thaw. O’Neil writes to avoid using the term “breaking change warning” 
and instead use 2 years of stability for key, widely used APIs. Says “will be interesting to hear 
Mark practice it ©”. Says “FCL isn’t motivating much of this, but maybe it’s a fine marketing 
message”. FCL is infrastructure? 


fB -01352632 - MZ Dec 2013 long note on future of Messenger / Messenger Platform. Shows 
that they are doing the “bait and switch” all over again with Messenger in order to scale more 
quickly. Leverage developers to win the market faster. MZ 35-36: “Given how important 
messaging has become relative to News Feed where our platfonn primarily focuses, it seems like 
there is a large opportunity here, both to extend Messenger in a unique and differentiated way 
compared to other messaging products and to extend our development platform to another 
extremely important surface.... But to get people to ditch WhatsApp and switch to Messenger, it 
will never be sufficient to be 10% better than them or add fun gimmicks on any existing attribute 
or feature. We will have to offer some new fundamental use case that becomes important to 
people’s daily lives. The reason a platform is attractive to me is that it is completely new and 
brings different kinds of utility and content into the Messenger experience. Just like News Feed 
started out as friends content only but eventually expanded to include more content that is now 
critical to everyday engagement, I think there’s an opportunity to do this with Messenger as 
well.... As a side note, just like with News Feed, I think expanding beyond just friends content 
will eventually be the single key to turning Messenger into a business.... For Platform, the key 
reason to focus on this is opening up another valuable surface beyond News Feed. This is 
important not only to expand, but because News Feed and therefore our current platform may 
actually be getting less valuable over time as more behavior moves to more private mediums like 
messaging. Our current platform feels like we’re going to invest a lot of energy to improve the 
Platform / News Feed experience for little marginal gain. The surface feels mature to me 
already.... The other major reason we haven’t considered it sufficiently is because fear of spam. 
This is a completely reasonable fear given the experience with our existing platform when we 
rolled it out. That said, we have since gotten platform to a place where it is not spammy and 
it is a small part of our overall signal to noise complaints, while still building it into a $1 
billion business.” MZ ADMITS THAT PLATFORM IS NOT SPAMMY AS OF DEC 2013 


AND NOT A CAUSE OF COMPLAINTS. 36-37: “This proves to me that it is possible to 
build something extremely valuable that is not spammy. In fact, if we had gotten the quality 
balance right from the beginning and not repeatedly thrashed our ecosystem, our platform 
business and engagement from it would almost certainly be much larger than even the $1 
billion it is today. So not only do I think it’s possible to learn from our mistakes and do this 
well, but I also think this is probably a much bigger opportunity than we intuitively estimate if 
we can pull it off.” Admits Platform issues were FB’s fault. 37: “Historically, we might have 
had to worry about apps incentivizing people to send spammy messages to their friends, but now 
we effectively enforce our policies and can limit any behavior we don’t want. Because of this, I 
don’t think spam is a meaningful risk. One nice feature of this is it’s quite defensible and uses 
our installed developer base.” 38: “A key difference from our initial Platfonn launch is that now 
we have the right tools and we’ve learned the right lessons to make this a much better experience 





than our News Feed / notifications platform ever was right out of the gate. To prevent spam, the 
biggest thing we can do is make it easy to turn off (after you turn it on). We never got this quite 
right on desktop and even iOS and Android struggle with this. But it should be easy in 
Messenger.” 41-42: “The way it would work is that developers could register their own agents 
with us that could handle certain types of requests. When we get a request, we’d figure out which 
developers’ agents might be able to handle that request and we’d send it to them. They’d each 
return whether they needed more information or were in fact able to handle the request, their 
suggested response and maybe a confidence score for how likely they think they are right. We’d 
then pick the one we think is best (calibrated by people’s feedback) and then we’d ask the person 
to confirm. After confirmation, we’d execute the plan using that developer’s agent. For example, 
you might say “get me two tickets to see Hunger Games at 9pm”. We’d parse the input enough 
to understand it’s a movie ticket request and then pass it off to Fandango and others. Fandango 
might require a theater to be specified but another agent might just use your location and has a 
good history of positive results, so we’d go with that one and reply with a message like “I can get 
you two tickets at Shoreline at 9:10pm. Is that right?” After that you just hit the Like button and 
we’d pass your credit card number off to the service to complete the transaction....” MZ 
describes a world in which FB’s AI intermediates between developer’s automated or 
human task performers and selects among them using a chat interface only and no apps. 

FB again becomes the centralized platform to leverage all the developers out there and then 
once it is the winner in the messaging market it will shut developers out and start doing the 
tasks itself (i.e. food delivery). On 32, Peter Martinazzi replies: “ft'ithin that, the next 
question is, how can a platform of some sort help out there. The thing that comes to mind 
for me is it can scale things in a way a team our size cant do internally.” THIS IS THE 
BAIT AND SWITCH MODEL. USE THE PLATFORM TO SCALE AND WIN THE 
MARKET. WEAPONIZE THE PLATFORM TO CONSOLIDATE CONTROL. NOTE 
THAT FB HAS AN OCULUS PLATFORM TOO (FB-01352656). 


FB-01352651 - Oct 2014 Sukhar O’Neil thorough review of friend replacement APIs to support 
Tinder, Hinge, Airbnb etc. 


FB-01352663 - January 30, 2014 Sukhar to O’Neil in chat: “So I talked to Fran and I think he’s 
thinking about flipping the order of f8 / psl2n to satisfy the conditions of (1) launch psl2n (2) 
have f8 in this semester. Slipping psl2n more sucks but it would be nice to have a clean f8 with 
all the positive stuff first.” O’Neil: “But it does seem weird to have a negative event shortly after 
the positive one.” Sukhar: “Well the negative thing won’t be an event, right? It’ll just be a blog 
post / release.” O’Neil: “Yeah - “moment” was probably a better term. ©” 


■ -01352696 - Mobile Publishing deck by David Engelberg, Strategic Partnerships, Mobile 
Games, December 2013. Neko business testing, picking games that are winners. 07: “The goal of 
the contract is to help dev ‘cross the chasm’”. Previously had done $100k with Fiksu and $400k 
with Ampush/PMD. This structure was complicated and $500k wasn’t enough money for the 
developer to cross the chasm. Current version is a 30% rev share but a $1M budget. They 
didn’t do 250k - they did $1M! 12: Campaign structured as a 60-90 day test period and the 
developer had to be within 15% of the revenue goals of the initial model they set and if they did 
they would then do the remaining full year of the campaign. $400k would be allocated in the first 
2-3 months and $600k for the remaining 9-10 months. 13: The games that could participate had 














to be VC backed with strong exec background. 17: can Facebook pick winners? 3 out of every 4 
games need to be ROI positive. And those that are ROI positive need to spend big on NEKO. 25: 
work with Fiksu on Burst and Ampush on PMD for sustained campaigns. 34: “Games drive lots 
of revenue. FB doesn’t get a lot of it.” 35: FB gets 20%+ of its revenue from games and only a 
small piece is mobile-focused. Publishing is a possible way to monetize and lets FB explore 
something that is not advertising. Ad spend on NEKO and mobile publishing are two different 
ways to generate revenue on games. 38: “There is a growth opportunity in identifying these high 
ROI+ games and becoming a distribution channel. Kakao made $311 million as a games 
distributor in 2013. Line bring sin nearly $100 million in games. And their growth is 
accelerating.” 40: “Buying high-quality users comes from ad networks, but realistically, it comes 
from FB. This is the ONLY channel right now that effectively gives you high-value users.... 
Facebook can solve a discovery problem here, while encouraging best in breed FB integrations 
and evangelizing the value of our FB ads solutions.” 45: Goal of creating new NEKO spenders. 
47: new contract structure - $200k fiksu + $200k NEKO. Dev has to hit 15% of target, then 
trigger $600k NEKO spend or FB walks away. 


FB-01352766 - Jan 31, 2014 Sukhar to O’Neil, Larkin: “I thi nk the switcharoo plan is 
reasonable but I worry that we’re adding another two months of potential scope creep and risking 
an H2 launch which probably would not go over well internally.” 


FB-P05 i - Feb 2014 Sukhar invites Purdy Federov O’Neil to review “switcharoo” plan : “I 
think it is a good compromise given all the constraints and we’ll be able to tell a story that makes 


sense. 


FB-01352783 - Sukhar April 28, 2014 task discussing timing of blog posts going up with 
announcements on stage 

FB-01352853 - Sukhar O’Neil Jan 31, 2014 chat. 56: O’Neil “I’d also like to have something 
interesting to work on once this Login / Simpification shit show is over....” Sukhar “Of course © 
I didn’t say Messenger Platform, right? Heh.” O’Neil: “©” FB-01352860 - 63: O’Neil tries to 
get off working on login v4, Sukhar wants him to stay on because it’s so tied to psl2n and 
requires so much history to know. 

FB-01352955 - April 2012 task to fix bug where app privacy settings don’t affected uploaded 
photos and videos. Bug goes months without being fixed where a user can set something to ‘only 
me’ in a developer app but then facebook changes it to ‘friends’. Paul Carduner on 57 writes: 
“The only time platform apps can set photo privacy is if they have the meta composer (which is 
only our apps) as you can see here.” Developers keep reporting the issue and FB employees keep 
trying to get it fixed to no avail. When they do fix it, Apple complains and they whitelist Apple 
to be able to change privacy settings (61-62) (“no problem a whitelist can’t solve”). “The reason 
we don’t want to expose privacy changes as migrations is because it is, in essence, publicizing 
the fact that we have a privacy bug that (if we allow a migration) won’t be fixed for a couple of 
months. It’s not a very good signals to users” (63). Why was Lessin on this task? 






FB-01352965 - Sukhar Purdy Nov 2013 discuss tying Login and PS12N “I thi nk we are closed 
on using login v4 as the launch vector for most of psl2n. I want to get this out to the team ASAP 
as I think it stops a bunch of bullshit that lingers from platform 3.0 and psl2n as horizontal 
“efforts” not products.” “What problem are we solving by conjoining the two?” “What product is 
psl2n?” “None?” 


FB-01353023 - Aug 2013 chat with Sukhar, Lacker, O’Neil, Purdy, etc. Bao asks: “1/can we 
give all apps. Inc. competitive apps stable ID + name + email?” Purdy: “On #1,1 think that is a 
zuck level call. The current POR is yes (status quo), but I imagine that we are going to revisit as 
part of this exercise.” Bao: “will leave that in doc and defer to zuck reviews then”. Did FB end 
up giving all apps, even competitive apps, stable ID, name and email? 


FB-01353023 - Aug 2013 Bao chat discussing in part whether friends birthday is a core 
pennission. Bao notes it is among top 6 most popular permissions. 


FB-01353036 - Jan 2014 Purdy to Sukhar O’Neil: “Now that we have cleared Mark” on PS12N 
+ Login v4. 

FB-01353037 - “Joking aside, the Parse team can be convinced that we need to make hard 
tradeoffs in protecting the graph. We’re not a bunch of GPL hippies by any stretch. That 
said, the case is just not very convincing right now. That we changed both the problem 
statement (whatsapp -> ads) and the solution (app friends -> third party ids) sniffs to me 
like we’re justifying a roadmap instead of doing the right thing. Kevin is right in that it will 
hurt morale for our team because they’ll see that the Platform is moving in a direction that 
Parse leadership doesn’t believe in. At best, I can just go along with this and our tight knit 
team knows it when they see it.” O’Neil: “I view this as us iterating to understand the 
problems we have it’s whatsapp + ads, not =>. That said, let’s back up: Do we agree that 
the scope of the problem includes both competitive msg / FB clients and ads?” Federov: 
“Btw - I covered building ad profdes and a couple of other abuse scenarios in 1:1s with 
everyone when framing the problem. It is not a new thing added that came to attention now, so if 
it feels new it is my fault for explaining it poorly.” 


FB-01353100 - Feb 2014 Rose Vernal Sukhar O’Neil Archibong Bernstein. Rose writes he 
heard they are reconsidering deprecating stream.get and that they’ve been telling devs for months 
they will deprecate it and have taken a big hit w Samsung. Vernal says they are still deprecating 
but MZ said to delay announcement: “We’re not changing our mind. Mark’s recommendation 
was to postpone this deprecation to a couple of months after f8 (presumably the July 2014 
breaking changes announcement). Rationale was that it seemed like strategery and we wanted to 
keep f8 to be people-focused (which we thi nk the friend permission deprecation is).” Archibong: 
“Are there any other APIs in that delay bucket?” 


FB-01353101 - Feb 12, 2014 finalize “new plan” to launch Login v4 and PS12N simultaneously 
at F8. See 02 for three page deck summarizing 9mo deprecation window “approve at FB 
discretion”. 








FB-01353140 - Oct 2013 Sukhar O’Neil Federov Purdy chat. Ready to blacklist Linkedln for 
reading friends list. 


FB-01353339 - Oct 30, 2013 Sukhar O’Neil chat. Sukhar: “Let me know how I can help move 
forward PS12N. I’m done fighting the graph protection stuff. What’s your take away?... I was 
talking to Jason today and he seems unhappy with the Parse situation in that we are unhelpfully 
reviewing everything. I agree with him and will try to get better about it.” 


FB-01353432 - O’Neil Sukhar Purdy Federov Oct 15 2013 chat. O’Neil says they need to get all 
platform engineers in an all-hands meeting because “I’m hearing from eng in both sites that 

they’ve heard of but know nothing about PS12n.I think this is important - folks on this 

thread (+ Vish, Harsh, etc) understand why we’re doing this, but for everyone else, this is a 
black box. Don’t much care what it’s called as long as the audience is all of (but limited to) 
platform eng, incl parse. I want a forum where eng is willing to ask questions (+ vent) without 
being overwhelmed by questions from the partnerships team.” Sukhar: “I recommend we talk to 
Javi about the third party id proposal. I don’t think we are doing the right thing there based on 
my discussion with Javi just now.” Purdy: “can we make sure we are calibrated on javi’s role 
here? Mike and I both react super strongly to considering javi an “approver” for this work. 
We should get his input and ensure that we are meeting our strategic imperatives, but I 
(and mike) don’t want us permute our plans too strongly here. We have to balance “protect 
the graph” with helping developers. I think the right way to approach this is to convince 
ourselves that what we have developed strikes the right balance and then seek feedback.” 
Sukhar: “well I did not ask him for approval. My thesis is the current proposal is the worst of 
both worlds. We neither solve the protection problem nor do we treat developers well.. . . I 
brought this up to all of you.... Everyone said there’s a lot of history you’re not aware of 
and we’re solving Javi’s problems. Going to the source seems to indicate that’s not the case. 
This proposal is the worst of both worlds. We thrash developers and don’t actually fix the 
problem. You can match an address book to get a communication channel.” O’Neil: “Yeah - 
I’ve withheld judgment on the current plan until getting context from Javi independent of the 
current plan.” Purdy: “Javi isn’t aware of a bunch of that history either (he has only been in 
the mteam conversations about this). Also, he isn’t too aware of the details here. We have 
spent hours and hours with zuck, etc. about this. That doesn’t make the solution right however. 
Key thing I care about is getting this “protect the graph” phase of platform over with ASAP and 
with min. impact to developers.” Sukhar: “I feel like I am the only one with a principled stand 
here and you guys just want to get something done.... I just spent the day talking to many 
dozens of devs that will get totally fucked by this and it won’t even be for the right 
reason.... My opinion is don’t break developers without a good reason. Nobody has given me a 
clear articulation why the current proposal is worth the pain. Non app friends was at least clearly 
solving a problem. When we met with Javi nobody gave me a chance to talk so I went and talked 
to him. Sorry to bring this up but my engineers think this plan is insane and I’m not going 
to support an all hands to convince them otherwise. O’Neil: “The questions people are asking 
me (and others) are not about 3 ld party ID model - they’re about if / how their day-to-day jobs 
will change, why we don’t like contact sync apps, and if we think there are any good apps on 
platform.” Purdy agrees that if they don’t let games cross promote their apps that “we are going 
to fucking with a lot of developers”. Purdy: “I think it is useful to separate developers into 
three buckets: existing competitors, possible future competitors, developers that we have 






alignment with on business models. When we talk to ourselves and to internal folks we need to 
be super clear what we are trying to do for each one. Can we steal the platform sync meeting 
tomorrow to talk about this?” O’Neil: “I don’t feel like I have enough info to talk about this and 
would rather wait until George and I have talked to Javi later this week.” Purdy: “Javi 
doesn’t need to be consulted about cross app promotion. As long as it only is allowed to the folks 
in the 3 rd category. We should consult him on how we are protecting ourselves in case 1 and 
2, however. Mike and I are lined up here.... Does that make sense?” O’Neil: “No, it doesn’t.... 
When I talked to George about this last Thursday, we both wanted to understand Javi’s concern 
here.... The separation between those categories doesn’t feel clean to me - e.g. apps can 
transition from aligned => competitive and will ultimately make us sad that we leaked a 
bunch of data to them when they were aligned.” O’Neil: “Do you consider Dropbox aligned? 
Or competitive?” Purdy: “Possibly competitive, could move to aligned with a big deal 
between us.” O’Neil: “Yeah, agree... In that case, we’d assume Dropbox is competitive, which 
matches my expectation... And would assume dropbox is future.” Purdy: “Yes. Exactly.... 
Partner is the other state, but I think we can omit.” O’Neil: “Agree. And, a partner could move 
from aligned => competitive * - e.g. two mid-level game partners merge and buy Layer for 
messaging? (same as FB-01353571) 


FB-01353474 - Aug 2013 Vernal Purdy Lacker Sukhar O’Neil Federov Koumouzelis email 
discussion on timing of announcement w mark. Purdy attaches slides “to include all the things 
we have talked ot Mark about recently. I like the frame, but it needs work.” Lacker provides 
thoughts on SLA definition. Vernal writes: “Can we just kill Photos/Photo Albums?” (75). 


FB -01353514 - Sept 2013 Sukhar, TR, Gupta, O’Neil, Lee, others email string discussing games 
getting friends API. Sukhar: “This is definitely a cool feature. I guess the fundamental question 
is - to what degree do we do things differently in the games world just because we get a rev 
share cut there? Do we really not care about protecting the graph there? What if the game 
is huge but doesn’t make any money? I foresee a lot of potential further divergence. It 
seems like we should decide at the principle level first because this is clearly a great 
product to build in the absence of protectionism” (17). Gupta: “That’s a very valid question 
Ilya. I don’t have sufficient insights into the discussions around our ‘protectionism principle’ 
so its hard for me to comment on this... .As Zuck articulated really well in the Q&A, games are 
the first vertical to be successful on any platform.... I do think that we need to be successful as a 
games platform.... And if we are to build a real games platform, then we need to be willing to 
build out features like game friends, presence, messaging, synchronous play, match making, 
achievements and leaderboards which are essential parts of any gaming platform. This will often 
require us to differentiate games from other verticals.” Sukhar: “Yeah, that makes total sense. I 
only asked about the non-money-making games as a straw man question given that this 
entire endeavor is primarily driven by protectionism and will make it harder to attract 
developers everywhere, not just in the games world.” O’Neil communicates how PS12N 


affects games. Still get all friends, but limited data and opaque IDs. 


FB-0135370 - Dec 2013 O’Neil Sukhar chat on Lulu. “We’re basically enabling PS12n non-app 
friends and friend permission changed for their Brazil users tonight due to user complaints and 
legal concerns. Lulu is aware and is working on their own fix tonight to suppress the same from 
their own APIs. This all happened today after 2PM. Happy to provide more context.” Sukhar: 









“Interesting. What happened in Brazil?” O’Neil: “Lulu added ~2M Brazil users since the NYT 
article. This has apparently caused people to switch genders, delete FB accounts, and has 
triggered user complaints, litigation and regulatory pressure specifically in that country.” 


FB-01353692 - Sukhar, Lee, TR, O’Neil, Purdy Oct 2013 email discussion. TR: “I understand 
we want to make it hard for a developer to grow a new app by cross promoting from existing 
apps.” Lee: “On canvas, it isn’t that we want developers o be able to grow a new canvas game by 
cross-promoting from an existing canvas game. It is more that this is a method used by 
existing developers and it is an important precedent that exists on canvas. Ultimately, we 
would rather they didn’t cross promote and they bought ads to acquire users for new apps, 
but it does seem reasonable for a Zynga to drive traffic to a new game from an existing 
property. Of course the risk of a canvas to canvas install is low because it is still canvas and 
subject to our policies and payments.” (92) Lee: “Key concern: We’re leaking the social graph to 
platform developers and that needs to stop. Proposed solutions to date 1/ We remove all non-app 
friends from the API and force all developers to use a FB-hosted invite dialog to reach non-app 
friends. We also obscure the FB UID sufficiently to prevent reconstruction of the social graph.... 
Pros: Completely prevents developers from building out the social graph as they will only have 
the graph for users who have TOS’d their app.. .Developers with multiple applications will no 
longer be able to cross-promote intelligently b/c the user-app-pair hashed ID means that the same 
users looks like two different users across apps by the same developer.” (95). Lee: “We’re 
basically forcing devs to ask for email so they can tie user-app-pair IDs together which 
could hurt GDP conversion or just hurt user trust (“why does this game need my email?”. 
If we’re ok with them tying user-app-pair IDs together, then we should just give it to them 
instead of allowing them to have it unofficially through asking for email.” FB-01353880 - 
81, Sukhar explains to Lee that giving non-canvas apps the ability to connect user-app pairs 
wouldn’t look good to Olivan. “My takeaway from our meeting with Javi was that this would 
make them feel differently about the whole initiative.” Lee: “I’m not sure I understand Javi’s 
specific concern then. The segregation by app is actually pretty arbitrary. If anything it is a bit 
weird that Zynga now goes from knowing that George plays 3 different games to a potential 
world where there are three different guys playing 3 different games and they could all be 
George.... What are the examples off of Canvas? Are there specific abuse scenarios that we’re 
worried about?” O’Neil: “Javi has a few concerns - two are: 1/making it easy for 3 rd parties 
to assemble multiple graphs into a larger, more complete graph either by acquisition, 
collusion, sharing data w/ ad networks, or a single entity with multiple app IDs (agree this 
is basically true of a few head devs). 2/giving apps sufficient user info that they can gro^ 
without using Facebook’s channels. I assume policy protects us here to some extent. Art 
apps widely doing cross-app promotion on mobile? This thread proposed our ad networl 
as an alternative... 


FB-01353698 - Sept 18, 2013 Purdy sets up mtg with Lessin for him O’Neil Vernal and Federov 
to walk him through the PS12n timeline. 

FB-01353731 - Aug 19, 2013 Koumouzelis Lacker Purdy Lee Sukhar Spehar Bao O’Neil Gupta 
Federov email discussion where they agree they need to figure out how many apps will be 
affected and Koumouzelis also notes that Purdy and Vernal “are leaning towards locking this 
down completely.. .and limit this to a whitelist for strategic partners” referring to newsfeed API. 














01353830 - Feb 2012 Apple Facebook contract from Lessin to O’Neil. Starting 31 contract. 
35 shows sharing Friend data for Apple App Store. FB-01353866 - O’Neil, Daniel, Sukhar Oct 
2013 Apple friend data whitelist discussion. Daniel tells O’Neil they want to whitelist Apple to 
get friend data, including friend photo for an upgrade to Apple and Nokia’s mapping products. 
Daniel asks if Apple ever received this before. O’Neil says only friend data for Apple for the like 
buttons in the App Store. He explains: “Platform Simplification is about cleaning up platform 
for ‘typical developers’ and doesn’t change the data we make available to strategic 
partners and govern with contracts. If it makes sense for Apple to have access to friends 
likes / posts with location / photos in the context of a new contract with them, then it’s fin 
to let them access that info 


oe 


FB-01353966 - Sukhar O’Neil Cross others April 22, 2014 - Sukhar calls out some 
implementation details on login review that don’t make sense. 


FB-01354037 - Jan 26, 2014 Sukhar O’Neil Larkin discuss pushing PS12n announcement back 
to do Login announcement at F8. When did they merge? Mention meeting with Mark on 1/27/17. 
Did he decide to merge them on 1/27? 


FB-01354048 - O’Neil Sukhar chat April 3, 2014 O’Neil: “On Tera; talked to her about the 
meetings - I didn’t realize that these were /her/ meetings. © None of the partners seemed at all 
concerned or odd about her being in the room, and we were clear that she was there to learn from 
them about the questions they had.” Sukhar: “I think you should share this feedback in Build 
XFN. Might get people feeling a little better about things pre-f8.” 


FB-01354267 - Oct 2014 Sukhar O’Neil email discussion. Sukhar gets info on APIs FB making 
available for some dating apps. Sukhar asks “Why is this the case? ‘Where mutual friends are 
surfaced, tapping on them must deep link to that person’s Facebook profile on web or mobile.” 
O’Neil responds: “It isn’t - Simon went aggro on that and we’ve backed away from that. 
Partners can do it if it makes sense, but it’s optional.” Sukhar: “I think this is all pretty great as 
long as we have consistent reviewing ©” O’Neil: “Agree - that’s the trick ©”. 


FB-01354541 - 42, Dec 2013 TR emails O’Neil and others 2 options for handling friends lists 
that growth team discussed (?) (TR works for Javi?). 


FB-01354544 - Jan 2014 Purdy Sukhar Federov O’Neil Larkin others. 46, Purdy “The above 
user trust message only really hangs together if introduce the user model changes with the 
developer changes.” Purdy then describes the takeaways from a meeting on Jan 15: “1. We 

need to nail the user trust message this semester. 2. The hope had been that we could nail 
that message and then move on to our f8 message. 3. Based on the login v4 schedule 
(march, the current f8 date (april) and the existing product pipeline (we need to pre¬ 
announce the ad network), there isn’t much space left to get separate messages out in the 
market and that second message is watered down. 4. One option would be to use f8 as a 
mechanism to explain these changes, but the general sense was that we want to get the login 
v4 message out (including the impact to developers) independent from an f8. 5. As such, we 



















are going to recommend to both mike + mark that we postpone f8 until the Fall. ..Who 

rejected the recommendation to postpone f8 until the fall? 

FB-01355308 - March 5, 2014 chat between Sukhar and O’Neil - O’Neil tells Sukhar regarding 
Elliot Colin Gary and Joel “They’re apparently deciding whether / how to make a big deal of the 
platform changes wrt policy and marketing to people”. Elliot Schrage, Colin Stretch, who are 
Gary and Joel? 

FB-01355327 - Looks like Jan 2014 presentation of current state of Login v4 work and open 
issues 


FB-01355350 - Sukhar review of O’Neil Aug 2014 showing O’Neil was the key person making 
PS12N successful and that he greatly exceeded expectations on a project that “spanned over a 
year, was extremely high risk, and touched a very broad set of stakeholders.” “The product was 
risky and the organizational structure was suboptimal” and “The team had to convince various 
companies (Spotify, Zynga, etc) that the people benefits of the model changes outweigh the 
implementation costs and loss of data.” 

FB-01355359 - deck attached to 58 April 2014 email from Cardaci to Rose, Vernal, Wehner, 
Sukhar, Federov, O’Neil, Archibong others assessing impact of PS12N/Loginv4 on FB revenues. 
Concludes that the changes are manageable. Biggest revenue hit from implicit sharing, no 
revenue hit from Login v4. Tiny revenue hit from PS12N 1-10M per year. Biggest risk is 
developer sentiment causing an exodus off Platform and total worst case revenue loss there is 
$55-270M annually. 

FB-01355364 - Koumouzelis Sept 2013 email to O’Neil Purdy Sukhar Federov preparing a post 
to the PS12N cross function team internally at Facebook explaining the changes. The post talks 
about developer stability and developer trust - says nothing about user trust. 


FB-01355396 - Feb 2014 email regarding PS12N stating “Motivation: Large API Surface Area, 
Too many endpoints to manage”. 

FB-01355398 - Nov 2013 Sukhar sends deck to Lacker O’Neil Yu for the 3yr platfonn plan. On 
400, “By 2016.. .The majority of consumer mobile applications have critical functional 
dependencies on Facebook”. On 403, “Send traffic to developers to recapture distribution 
chokehold again.” “Platfonnize our consumer apps to compete with Android and iOS defaults 
(Login, Chat, Contacts, etc.). On 05, “Tie in to distribution and search surfaces so that 
consumer app growth is inextricable from Facebook”. “Platformize the multi app strategy 
‘Provide alternatives to Android and iOS defaults.” (same as FB-01363343). 


coming in 2014.’ 


■ -01355456 - From 55, email showing developer satisfaction survey results September 2013. 
Deck starts at 56 and has quote on title slide from developer: “I’d hesitate to recommend 
Facebook because it can be unstable and sometimes automated actions by Facebook can 
really threaten a business - as they have mine a few times. In such cases, developers can 
feel like they have no recourse, unless they know someone inside Facebook.” On 61, NPS is 
at -17, not good. But for Neko developers it’s 5, good. NPS for the rest of America outside 














NEKO continues to decline. On 76, 6% of developers say Facebook is not important because 
people don’t trust Facebook. On 88, 34% of developers do not know how to act upon 
enforcement emails they receive. On 92, most developers do not find consulting platform 
policies useful to them to help them solve their problems. On 33, sample 833 developers to 
determine profile of gender, platforms, countries, code languages, OSes. 

FB-01355664 - Nov 2013 Sukhar O’Neil email string passing along Login v4 deck. On 65, 
states that one of primary motivations of Login v4 is competition, particularly G+ and ensuring 
Google doesn’t gain mindshare as the universal login. Another motivation is to get more data 
about users to improve ad targeting in Neko. Users don’t trust Facebook Login because they 
don’t feel in control of the data they share with apps, and they don’t feel in control of what apps 
share back to Facebook. 


FB-01355841-42 - Dec 2, 2013 Sukhar O’Neil chat string. Sukhar: “We seem to be losing the 
battle to get required permissions into Login v4. I’ll add you to the relevant thread so you can 
see. Also, unrelated, why does the latest psl2n proposal disallow login for competitors? What’s 
the scenario we’re worried about?... In the slide about psl2n and what you get based on how 
competitive you are, why don’t you get login if you’re wechat?” O’Neil: “So we’re not 
brokers of authentic identity to competitive networks.” Sukhar: “Hmm, I see. Do we think 
Pinterest for example will end up in this boat?” O’Neil: “Yes, certainly possible Pinterest 
could end up there. Depends on what moves they make. I actually thought Pinterest was 
more aligned, but Doug put them in bucket #2 because that bucket includes things he 
thought Mark might want to buy. Tinder might be a better example - as a dating app that 
rides in the graph, they’re pretty aligned, but if they add chat, they become some form of 
competitive.” Sukhar: “I feel like the shut-down-growth-vectors story is pretty clear but the 
shut-down-everything story is tenuous. We’re almost creating more strict competitors by 
taking away a dependency on FB. Pinterest is more likely to make Login with Pinterest if 
we take away FB from them. Just a thought. On a more general note, I think one piece of 
context that would be useful to some consumers of this proposal (e.g. David, Bryan) would be 
the expected numbers of competitive apps. They have an impression that we’ll just outright 
crush every messaging app but realistically (or at least in my expectation), we only care 
about the top 10 and only when they’re huge already.” O’Neil: “Hm - in practice, I agree 
there are few (dozens) but we’re going to remove permission to read your inbox from the public 
surface area and make that a part of the OEM client program. If they’re able to use any of these 
messaging apps today, it’s a hole in our data policies because FB employees aren’t allowed to 
grant inbox permission to 3 ld party apps.... :/” Sukhar: “Oh, I meant messaging in terms of 
WeChat - not FB inbox readers. I didn’t know those were really being used ©” O’Neil: “Oh. I 
see. Yeah, there are a few apps that are FB chat clients. On WeChat: certainly happy to revisit 
that part of the proposal. It’s one of the uber controversial parts of the proposal. It’s not 
really blessed until Mike / Mark are on board. ©” 


FB-01355843 - Feb 12, 2014 chat between Sukhar O’Neil Purdy Federov Spehar passing deck 


from Feb 11, 2014 meeting with Mark in which they communicate “New Plan: Launch at 

f8. On APIs for NF / Profile / Notification / Inbox - Review these permissions. Approve at FB 
discretion” (45). “For whitelisted apps, how does Login disclose friend permissions? Plan: 
Disclose in v4 Dialog” (46). 
















FB-01355995 - Jan 8, 2014 chat between O’Neil and Sukhar where both are still under 
impression there would be “6 weeks of buffer” between PS12N and Login v4. 


FB-01356780 - Jan 27, 2014 O’Neil Zuckerberg Vernal Purdy Sukhar - O’Neil sends Mark 
slides that they reviewed for “key apps affected by the API deprecations / privatizations 
[partners that use read_stream are marked].” O’Neil apologizes for appearing like he didn’t 
want to move forward with these changes. “My bad if I came across as soft or mixed on this” but 
FB needs to realign its relationship with developers to put the ecosystem in a sustainable place 
and to improve user trust. 


FB-01357144 - Jan 2015 Zuckerberg email on content production/consumption being the 
biggest issue FB faces, losing market for sharing to snapchat, etc. 


FB-00080931 - April 2015 summary of all sensitive privacy launches being prepared for 
meeting with Zuckerberg. FB-00080932 summarizes the launches. Important info on 
Android text/call tracking, microphone, etc etc. 


FB-01357705 - Parse Business Model Alternatives June 2014 presentation. Shows Parse as loss 
leader for NEKO growth, detailed analysis of IaaS and PaaS market. 

FB-01360357 - F8 April 2014 company schedule and plan circulated on march 14, 2014. 
Timeline on 58. Press primers for f8 start wk of 4/14 and F8 prebriefs are week of 4/28. “Control 
updates post” on 4/24? 


FB-01361755 - Implicit Platfonn Stories deck showing impact of removal. On 69, states that 
removing OG “threatens continued investment in Facebook platform” and presents “significant 
thrash”. On 78 they have employee quotes supporting removal of implicit sharing. On 90 admits 
that implicit sharing benefits “quality apps”, lists 20 apps affected all legitimate large companies, 
twitter, pinterest, soundcloud, Spotify, tumblr, vimeo, texas holdem, birthday cards, ifttt, candy 
crush. Quality of the apps confirmed again on 96 and 97. 


01362422 - F8 plan. On 23 “Proposal: Have a full f8 on April 30 th . Launch new products 
and the stability aspects of PS12N. Launch painful parts of PS12N 2-4 weeks after. Why? 
Chance to set context on trust focus so platform simplification comes as less of a surprise. Ship 
the new products without headwinds from negative sentiment. Puts a stake in the ground on a 
recurring date.” 24 shows key announcements and does not include the removal of friends 
list and data or newsfeed apis etc. 25 use f8 brand to reset expectations for developers, 
returning to roots, send a strong message to ecosystem alive & well. 26 “The world has 
fundamentally changed since we launched Platform. We’ve moved beyond being only a social 
platform”. 


FB-01363043 - Hurren Messenger Platform Partnerships Audit deck January 2014. On 44, 

Andreesen-Horowitz: “The time is right for building a platform. Impressed with what 


















WeChat is doing in China; beyond just attachment picking. WhatsApp is missing a major 
opportunity.” Notes from Dropbox, Evernote, King.com, Spotify. 45 lists kik’s partners. 46 
agenda intemet.org messenger platform stickers 


FB-01363061 - Mobile Publishing December 2013 David Engelberg deck. On 65 Mobile 
publishing is about providing the initial marketing phase for high potential titles and getting 30% 
of their net revenues for it. 


This is to prove that we can pick winners. Winners are roi+. 


Winners are healthy NEKO spenders.” Fair and equal platform replaced by mobile 


publishing / neko. 

FB-01363496 - Sukhar responds to MZ email on Messenger Platform Dec 2013. 

t i f f i 36353p - Identity Apps presentation. “Identity Apps: More than just friends”. Lists 
contacts, productivity, dating, calendar - “common patterns: apps only pull graph data & 
rarely publish anything back. Dating apps are among the bigger spender on NEKO. No 
affiliation with KARMA (relevant for Calendar & Dating). Developers can pivot to request 
data from users - their businesses may not be totally hurt. On 34: “What is our platform 
strategy with these apps? Recommendation. Option A: Unified Review - Case by case*. 
Maintain access to friend list, friend photos, friend birthdays via Public APIs, (deprecate the 
rest). Review all apps that request above extended permissions and approve if: reciprocate 
with structured data back to Facebook, create value to user and have a great user experience. 
Option B: Deprecate all APIs and Friends Permissions - Whitelist OEMs for OS level apps. 
Benefits. 1. Serve the main purpose of a platform: Allow creativity and new products to be 
built based on open APIs without favoritism and exceptions. 2. Revenue: Leverage 
distribution channels such as NE KO and create opportunities for affiliate revenue through 
KARMA and HUNCH to come in - 1; l tin< icqu reciprocal dat 

i'rom 3 parti(. Improve Facebook Product s: Identity: Obtain more data about the user and 
their interactions with friends and family. A.3, Brad) ds-Ars ;ln: ecosystem ami ""burrow' 1 
ideas that «ork for users or acum-hirc the rjle|”. 35: Case Study: What will happen to 
Refresh? Scenario: Deprecate friends_* Permissions & access to Newsfeed. 



| Value to Facebook. Data Privacy & Trust: No Identity 
data outside FB. Platfonn & Ecosystem cleanup: Set ground rules and clean up current eco¬ 
system.” ADMITS DEPRECATING FRIENDS PERMISSIONS WILL REDUCE VALUE 
TO END USER AND IN REFRESH CASE FRIENDS PERMISSIONS REMOVAL WILL 
BREAK THE APP. 

FB-01364503 - Platfonn Simplification Building Trust. Deck on what is core. Open question at 
end of what to call Beta APIs publicly. 

FB i) 1 - Sukhar and Lacker August 2013 chat. Lacker: “btw vlad said one current goal of 

the api team is to turn off friends-birthdays pennission which to me seems like a mistake. 


















- Archibong Product Partnership Updates from 2014-2015. On 36, April 28, 2015: 



| On 48, graph shows that a lot of developers haven’t migrated to 
login v4 and api v2 yet. Notes that “reputation (mainly dating) Tinder, Badoo, Hot or Not, 
Bumble, Hinge, jSwipe, Coffee Meets Bagel are all whitelisted”. Hashed Friends API: 
Dating - Tinder, Hot or Not, Bumble, Hinge all whitelisted. 51, describes post-f8 developer 
nps -32 back up to 22 which is a win “given the evolution that platfonn has taken this year”. 


FB-01366315 - June 2014 Developer Advisory Board inaugural meeting summary. Uber 
Dropbox, Pinterest, Playtika, Zynga etc., providing feedback on platform, noting that changes 
cause a huge impact 


FB -01366319 - May 2014 email subject “Platform: Who are our friends?” Discuss identifying 
friendly developers based on concerns from Marc Andreessen. Vernal: “Hey - at the board 
meeting yesterday, Andreessen (once again) complained that developers don’t like us and that 
“we don’t have any friends” out there. Sheryl asked to pull together a list of key developers and 
where our relationship with them stands - Are they advocates for us? Neutral? Are they 
begrudging users/de tractors? I think the follow-up question is how we move more people from 
neutral/detractors to advocates.” 


FB-01366353 - March 2014 email from Grace Molnar announcing new “Developer Operations 
Policy (DevOps Policy)” group that combined the Policy Enforcement and Integrity teams. 
Notes an internal website where you can fill out a form about any enforcement issue. Note 
PS12N spurred this and want to provide support. 


01366355 - March 2014 email Chang suggests reaching out to partners like Lyft to get 
mockups on new login v4 flow. line says to hold off on any new integrations. Yang reiterates: 
“We also don’t want app scoped IDs to leak before the event. As a result, no partners should be 
doing any integration work for Login v4 before F8.” Archibong: “Thanks. FWIW. I’m also 
happy with us being more transparent (or at least signaling directional changes) with partners 
that are trusted. For example, Flipboard knows that massive platform changes are coming 
and some of the details. I trust that they won’t leak them.’ 


facebook(«wlessin.com 


On 90, KP 

doesn’t give Lulu an extension because “we are strongly committed to be fair to all developers.’ 
FB enforced non-friends data restriction on Lulu and said they had to apply it to all apps in 
Brazil in order to be fair to Lulu but now is they turn it back on for Lulu then other apps will 















complain so they can’t turn it back on.” That makes absolutely no sense. If Lulu was violating 
policy, then shutting off access to other good apps would have been unfair. On 22, “Allison may 
be able to explain this better, but given the volume of the lawsuits and the high visibility 
this has received we were at risk that the local regulator will prevent us from allowing 
distribution of any friends data in Brazil. I believe taking action for Lulu in Brazil 
eliminated this risk.” BRAZIL REGULATOR THREATENS TO SHUT DOWN FRIENDS 
DATA. 23, KP: “I believe they want to leverage the fact Alexandra and Sam have met 
before, in order to ask for an extension and be able to rebuild the team”. 


01366442 - Jan 2014 discussion of enforcing against Circle and Path and difference of 
opinion on whether Circle is duplicating the graph / violating policy. On 43, KP: “Friends list, 
to my knowledge this is not something we will be deprecating, I may be wrong, but Unified 
Review will prevent apps that we think are competitive from even requesting this kind of 
permissions. Until we figure out a clear set up guidelines that define what constitutes 
competitive, I think we should not apply those restrictions ahead of time.” KP requests that 
Circle get back access to friends data and asks Grace Molnar to approve. Zarakhovsky responds 
that they are duplicating the graph and doing a rather excellent job of it. Once they have the 
friend data, we can’t easily get them to remove it. They are also very directly creating a 
competing social network on top of that graph.” On 48, Grace forwards note to Archibong, 
Huang, Hendrix, Lessin, Osofsky, Faul, Silver, KP, Randall, Stefanki, Zarakhovsky and says she 
assumes not turning back on friends data because of psl2n but asks about newsfeed access. FB- 
01366480 - On 82, Hendrix writes that Circle is violating the reciprocity and core 


functionality policy Platform 1.10. CLEAR EXAMPLE OF ENFORCING RECIPROCITY 
POLICY. EXCEPT A FEW MONTHS PRIOR THE DEVOPS TEAM APPROVED 


CIRCLE’S ACCESS. ON 10/21/13. “Circle justified their need for (and use of) the data 
they were requesting, so no enforcement action was taken.” CIRCLE AS GOOD 
EXAMPLE OF POLICY AS PRETEXT. Archibong notes sensitives given that Andreessen 
and Ron Conway are investors. Grace Molnar, the head of policy enforcement, responds: 
‘€ll - This looks like a business call. If the decision is not to enforce on 1.10, there are s 

other policy violations for which we can enforce as Ali notes. From my perspective, I woul 
like to be as consistent as possible assuming that Circle has similar functionality / 


dill 

ould 


circumstances to Path. We need a solid story if they are very similar and we choose not to 
enforce under 1.10 for Circle.” On 80, then place Circle in 6month moratorium and ask if we 


should state “six months” or “a few months” “with the assumption that PS12N will be 
announced and launch as planned”. Randall: “I’d also recommend saying “coming months” 
rather than giving a specific timeframe for PS12N. We’ll be ready for inquiries on the PR side. 
Likely won’t comment on specify policy enforcements but may give press background that we 
take user experience very seriously.” 


FB-0136647 - Lessin May 2014 email discussion of acquiring Any.do. Lessin on 48: “don’t 
want to acquire the whole thing. We should figure out how to just acquire the talent”. 

FB-01366997 - April 2014 Conversation: PS12N & Messenger Apps. Vernal sets up meeting 
because: “Today, we restrict Messenger apps from using our platform (WhatsApp, Path, etc.). I 
want to know/understand whether we should change our position on this with the PS12N work. 
The answer may be “no,” but I think it’s worth having the conversation in person.” 























FB-01363526 - Identity apps presentation that KP gave to Sukhar and Lacker in Dec 2013. On 
26, KP “We have reviewed this space to identify new opportunities as well as threats and 
came up with a master plan that I have also attached here - still tentative as it is heavily 
linked to PS12n.” 27, Context, Contacts, Reputation, Calendar/Productivity all competitive. 

Apps that pull friends data (mainly photos) from Facebook to enrich contact lists on user’s 
phone. Apps that aggregate data on friends or contacts to provide contextually relevant 
summaries. On 28, Why do we care... Data Privacy. Apps build experiences using private data 
that users have made available to Facebook with different privacy settings. Control/prevent data 
leakages and set example for ecosystem. Overlap with Facebook Products. Significant wit 
our own Product roadmap that could compromise our success in those areas. The apps 
come with good UIs but no new ideas - no real opportunity to find out about things that 
would be engaging and useful to use in the long term. No reciprocal data. No value fror 
the data they could provide even if they did. 29 shows data leakage examples, sunrise 
friendcaster, yahoo, ifttt, mylife.com, synch.me, youtube. Friends list was mylife.com contacts+ 
bitly and i ftt. H as numbers of api requests over 30 days. 30 So what are we going to do? Audit 
existing/future apps that fall under those verticals. Chart showing that when reviewing 
apps if they reciprocate, to approve; if not, block their access, once the developer responds, 
then grant their access after they reciprocate or sign a contract: “1. Scaled and SPD. 
Message developer asking them to reciprocate or sign a contract”. Stakeholders: Product, 
Policy Enforcement, Partnerships, Comms. 31, going to communicate the plan all in one go 
on one day to all developers and monitor over 4-12 weeks “# of developers that react and 
request help with NEKO. % of increase on NEKO spend from apps that have spent last 
than $250k earlier. % of change on Developer NPS score.” 32, “Open Questions. Do now or 
wait for Platform S12n? Do we need to go through this exercise now or can we wait till 
those permissions are deprecated for all in Jan? Should we make NEKO spend a 
prerequisite for access to permissions? Are we at risk for alienating developers or creating 
a platform that favors the guys with the deep pockets?” 


FB-01367139 - March 12, 2014 O’Neil email beginning to prepare press strategy for f8. Shows 
PMs as Cox Antonow Purdy Lessin Stocky Deng Hudack Johnson Catchart Mosseri Gleit Reavis 
James Briggs Vernal Olivan. 


FB-01367155 - Sukhar interview with wired magazine 

https://www.wired.com/2014/03/facebook-ad-network-at-f8/ This morning, Facebook opened 
registration for the conference, and though Ilya Sukhar, who helps oversee Facebook's developer 
efforts, declines to discuss the future of the new mobile ad service, he does tell WIRED that the 
company waited three years to revive F8 in part because it wasn't previously in a position to help 
developers monetize their mobile apps. "That had to be figured out," he says. "There just 
generally was a period of time when the company, as has been widely reported, has been figuring 
stuff out [on mobile]. This is a signal that we think we've figured it out." 


FB-01367265 - Sept 2013 discussion among Sukhar Purdy Liu Vernal on mobile app 
measurement and analytics, acquiring a competing product w google analytics. Liu notes that the 
category leader HasOffers is “in the penalty box for violating our contracts right now Happy to 















fill you in live. Does not mean we could not buy them, but the relationship is rather awkward 
right now.” What happened w HasOffers? 


FB-01367271 - Sept 2013 Thaw Archibong Vernal Sukhar Larkin Purdy Daniels “Platform 
Narrative Thoughts” - On 73-74 Daniels circulates the current narrative that says they’ve been 
listening to all three constituents (users, devs, fb). “We’ve been listening to feedback from all 
three groups.” “For users, we have already addressed some of their concerns with the changes we 
made by separating read and write permissions in Aug, 2013. Yet, we still hear that users don’ 
tunderstand what information is shared with what apps. The biggest cause of this 
misunderstanding is when users see more information than they would naturally expect from 
facebook within apps, or apps are posting information to their friends on their behalf (either 
inside or outside of facebook) more than would be expected. Instances like these cause users to 
question connecting their app experiences with facebook entirely. That is bad for fb, bad for 
developers, bad for users. For these reasons, we are going to be deprecating newsfeed 
API/permissions for all apps, and changing the way that friend information is accessed by apps.” 
On 72, Larkin has an outline for the narrative and point 6 is “What’s not changing (?)” 
suggesting he can’t identify what’s not changing in platform. “I expect a lot of developers 
will be (unnecessarily) concerned by the changes to ‘/friends,’ so I think we’ll want to go a 
bit deeper on the friend changes and how the replacement products cover most core use 
cases.” LARKIN SUGGESTS EXPLAINING FRIEND CHANGES MORE, BUT 
INSTEAD THEY JUST SAY “RARELY USED”. 71, Sukhar: “Totally agree that devs will 
fixate on the friends deprecation. However, I want us to be really careful not to frame the 
“replacements” as actual replacements. They’re just not so I think we’re better off 
emphasizing the focus on trust, the move away from portability, etc.” HOW QUICKLY 
DID SUKHAR GET IN LINE? 71, Vernal: agrees with the framing and makes clear that 
the product teams will now decide what data developers get, not the platform team. 


FB-01367299 - Developer Satisfaction Study Wave 16. -Aug 2013. “I’d hesitate to recommend 
Facebook because it can be unstable and sometimes automated actions by Facebook can really 
threaten a business - as they have mine a few times. In such cases, developers can feel like they 
have no recourse, unless they know someone inside Facebook.” 

FB-01367490 - Pratiti April 2013 Developer NPS, shows tracking Neko on developer 
satisfaction 


FB-01367584 - reactions to NPS Aug 2013 Purdy on 84: “Developers are really questioning the 
value of platform. This topic has been trending up survey after survey, so while we have been 
better about testing, docs, bugs, etc. the value that we deliver to developers is viewed as 
decreasing.” 87 shows NPS comparison open graph, canvas, mobile, pdc, partner 

FB-01367633 - July 02, 2013 Zuckerberg Global Priorities (Product) Meeting on August 12, 
2013. MZ, Cox, Badros, Lessin, Schropfer, Ondrejka, Olivan, Vernal, Parikh, Shaver, Bosworth, 
Goldfein, Stewart, Costa, Stocky, McDonald, Ciancutti, Endres, Narayanan. Mobile deck on 50, 
shows engineer allocations current, end 2012 to target for end 2013. Growth team has 70 
engineers going to 83. Platfonn has 90 going to 106. Messaging has 76 going to 95. Parse has 12 





shooting for 17. Ads has 212 going to 236. Mobile has 111 going to 137. Search has 108 going to 
135. InfoD has 132 going to 167. Infra has 398 going to 466. 

FB-01367652 - Aug 5, 2013 Rose mteam email HPM. Discusses Mark pointing out that the 
“value exchange with developers is evolving”. Already has consumer trust story baked in. 

FB-01367783 - June 2013 Cox brokers among Lessin and Vernal fighting over number of 
designers each has. 


FB-01367812 (same as FB-01370554) - Industry update April 26, 2013. On 13, US iPhone 
App Reach, Aug 2012 - Mar 2013 (source: Onavo) Facebook, Instagram, Twitter, FB 
Messenger, Snapchat, Pinterest, WhatsApp, tumblr, foursquare, Vine, Google+, Path.” On 
14, Vine was the #1 emerging app. Path was the #9 emerging app. On 15, US mobile 
messenger apps, Skype 17% FB Messenger 13.7% WhatsApp 8.6% Viber 5.3% Kik 4.7% 
Voxer 3.8% Tango 3.5% GroupMe 2.4% Line 1.4% KakaoTalk 1.2% MessageMe 0.5%. 
On 16, WhatsApp message sends. WhatsApp sends 8.2 billion messages per day but 
Facebook’s mobile app only sends 3.5 billion. Facebook mobile and web does 11.5 bilbon. 
So WhatsApp sends almost as many messages as all of Facebook. 17 compares mobile apps 
in india, including whatsapp. 18 shows two Onavo dashboards: (1) a URL for accessing 
industry data and (2) a separate URL for accessing mobile ad network data. 


FB-01367820 - Mobile Platform Strategy presentation. On 19, Advertiser trends. 


FB -01367971 - Jan 2013 internal discussion of Mahan’s email about impact of P3.0 on Causes. 
On 74, Mahan is complaining about P3.0 enforcement in January 2013 for a change that will take 
effect Feb 7 2013...“this includes rethinking (and relaunching) platform 3.0 and moving your 
developer platform in line with your revenue and business model.” Newsfeed deprecation. “For 
Facebook, it seems like there is both a short-tenn and long-term rationale to shutting down wall 
posts (and please correct us if this is wrong”). On 71, line: “Agree that we shouldn’t do anything 
for the entire ecosystem. Personally, I’m not a fan of extending this one off to Causes - it 
simply delays the inevitable and in the interim leaves our team to deal with developers (or 
reporters) that will ask why Causes is being treated special.” On 71, Vernal: “Let’s give 
them until March 31 st . Ime - do you want to communicate this to them, and be clear that 
we’re doing this to make sure they don’t go under, but we really can’t go beyond this 


timeframe.” Vernal then forwards to Lessin his decision, showing that this was a favor for 
Lessin since he’s friends with Mahan. 















all our features (nav, etc.) and we should absolutely do it. That said, I don’t think that only 
paid nav is going to be an effective mechanism to drive enough traffic to compete 


effectively with Line, Kakao. Rather, I think we need a program that: 1. Bundles up all of 
our paid distribution channel s(Neko (potential even pinning a Neko ad to the top of feed), 
Paid Nav, Notifications, etc. into a single “campaign” to push a limited set of apps. 2. A 
revenue share model where we get a cut of all virtual goods sold for the life of the 
game/app. 3. A set of folks on our end that both manages the program and ensures that we 



FB-01368113 - Vernal Osofsky Lessin Jolley Rose Archibong Purdy Nov 23, 2012 discuss 
Platform business model blog post. On 18, “hypothetical blog post”. On 17, Zuck sent a recent 
note about this (the reciprocity note). 16, Vernal buckets all these changes as Platform 3.0, 
including reciprocity, removing non-TOSed Friends, Removing a bunch of APIs (e.g. all the 
friend ones). On 15-16, Osofsky then prepares reciprocity policy with Hendrix. Vernal confirms 
Mark’s view of reciprocity on 15, “Mark’s “News Feed” proposal below (requiring apps to 
give us a News Feed for the user)”. On 14, Rose asks “Let’s also add a slide on how we will 
manage the competitive use policy, and whether/how we will enforce differently against 
large developers who are over the size threshold.” 13, pull together audit of top 20 audits 
that MZ knows, loves and is concerned about. 


FB-01368160 - Nov 7 2012 Vernal Lessin Osofsky Purdy Rose Rajaram Heaton, Heaton 
sends deck showing revenue from charging for friends data on 63, shows fees paid by 







Instagram Spotify pinterest yelp and path. “Size the FB revenue opportunity from 5 
selected apps if we were to charge those apps for access to our friends API on a per-edge 
connection basis”. 


FB-01368166 - Nov 4 2012 Vernal Lessin Osofsky Purdy Rose Heaton discuss data 
reciprocity. Vernal defends: “This seems like a pretty clear policy - if you read a type of 
data, you have to let users contribute that type of data back to Facebook. This is ver 
similar to what Google did to us w/ contact importers (they said they’d only expose theii 
contact APIs to people who also exposed contact APIs openly). In terms of enforcement, 
actually think we can do a lot of stuff technically, I.e.: - As part of the POPS review 
process, we control what data your app can access. If you ask for a certain field of data, we 
can test that your API exposes this data back to us. This should be simple/mechani cal (we | 
can build a tool for this). Osofsky on 67 - describing final slides of deck “(Capturing the 
value (pp. 8-9). This proposes a framework to evaluate the various approach to captu 
value (e.g., cost plus, price per data field, price per user, rev share after a user connects, BD 
deals, “loss leader”). 


:ts, BD 


01368198 - OG as a business 8/2012 (from September 10 2012 Purdy email to Lessin vernal 
Jolley Federov FB-01368193) - 99, core value exchange of open graph is centered on 
distribution (apps write to facebook) and data (apps read from facebook) for “better user 
experiences in apps,” presence across web and data portability. 200, “Ive face a series of issues 
with the value model. “Data. Apps ‘read’ from facebook. We are enabling competitors / do 
not have rules that make us truly comfortable with path, pinterest, etc. Currently unclear 
value to Facebook. No natural market dynamics, hard to correctly price. Undermining user 
trust when developers have more data than they need.” 01 is a table of 14 revenue channels 
for monetizing Open Graph, by far the biggest one is “Apps you may like (Neko)” $200M 
business in 2013. Next biggest was $40M for contextual ads on FB. 202 describes paid 
developer program and estimates revenue at $5-7M. 203 describes paid device integration 
program where fb will restrict some apis like stream.get to these partners with revenues of 
$2M. 205 Premium read APIs could be $140M revenues. 206 Write Neko S300-400M 
revenues. 208, “These opportunities basically boil down to...” basic fees won’t generate 
enough revenues. On distribution, “stop artificially ‘boosting’ distribution for free: 
developers can buy sponsored stories if they want to drive traffic, but should be on equal 
footing with other businesses. Open up new stable paid distribution channels beyond 
newsfeed e.g. invitations, notifications, messages.... Launch ad-network on mobile (and 
eventually desktop) to help applications monetize their apps / give us a way to get more 
value from platform.” “Require data reciprocity as a principle and a policy; for top 
partners / competitors require a deal where we can let user simport their data in return for 



























FB-01368413 - OG Business Model Aug 29, 2012. Different deck from above outlining 
Facebook Developer Program. On 24, shows Platform Costs at $287M per year. 25: 
“168,307 apps made API calls last month”. 27: Partner costs, Spotify $1.3M per year, Yelp 
$16,177 per year, Netflix $49,743 per year. Shows Path Yahoo Flipboard RockMelt, 
CityVille, Pinterest, Instagram. 32 shows external API usage 96% of calls are read, 4% of 
calls are write. 34 shows 462,477 apps with lOMAUs, 104,647 with 100 , 39,133 with 1,00 0, 
10,931 with 10,000,1,964 with 100,000, 333 with 1M, 43 with 10M. 37, 



FB-01368446 - Aug 16, 2012 Lessin prepares a board deck discussing distribution 
monetization and platform changes describing paid developer model. On 46, Rait 
comments: “Backing up, my take is distribution is much simpler to think about since it is 
just advertising. Estimations here are a bit complicated by the fact that we are giving away 
so much for free today (and as we move away from this, it’s not obvious how many 
developers who aren’t advertising much today would be willing to pay), but the model itself 



FB-01368462 - Mobile/Login Survey May 22, 2012. On 68, for Facebook users: “Barriers 
to using Facebook Login: I prefer to keep separate accounts/not link app or game on my 
phone with my Facebook account 61% I’m not sure what personal information/data will be 
shared with the app/game 61% I don’t want all app activity from the app or game shared 



16% of iphone users don’t have FB accounts. 75, for Facebook users, Facebook is looking 
out for me and protecting my best interests 36% disagree, 28% agree. 


FB -01368557 - June 25, 2012 Rose Vernal Osofsky Lessin Daniels Yao Purdy. Osofsky says 
he and daniels are meeting Dave Morin on June 27. Framework for agreement is that Path 
synchs all its profile data with FB and FB agrees to provide friends list but Path has to 
delete all friends data if agreement is ever terminated. Yao: “We will restrict user/friends 
as well as email info if they don’t agree.” 


FB-01368655 - Dec 11 2013 Search Deck. “The world deserves better answers”. Shows friends 
recommending product, use friend graph for FB’s own products. 


FB-01368835 - Feb 15, 2013 Rose HPM to mteam. Updates on Atlas with Microsoft, Apollo 
with Qualcomm, Craig Federini at Apple said “we’re raising a variety of tough issues for them 









(e.g. Aura), but he feels like we raise issues in productive ways and push their thinking forward 
(big improvement from our previous interactions with Forstall).” “Platform: Align developers 
with our platform direction”. 

FB-01368837 - Jan 20, 2013, Ime gets back to Matt Mahan to share the news Vernal decided. 


FB-01368869 - Jan 2013 Vernal email regarding an issue Lessin has “raised a few times” asking 
should apps like AppGratis be allowed to use Neko. Vernal initlaly thought it was fine since FB 
lets competitors use its ad system and only excludes a very small number of advertisers and FB 
is being compensated so what’s the big deal. Purdy and Lessin convinced Vernal that these apps 
should not use Neko because they are directly competitive with it and they are uniquely 
qualifying their leads (only getting people interested in installing apps from other apps - which 
hisa neat hack but also scary). Plus, if they can afford to spend a lot on neko that probably means 
it makes sense for them and neko is leaving a lot on the table. Liu recommends letting them use 
neko “Whereas WeChat and Whatsapp are directly building social networks, these discovery 
apps are doing something more similar to Apple’s app recommendatinos in iTunes. 


01368870 - Jan 15, 2013 Osofsky note to Lessin, Vernal, Rose, Ryan, Swain “Addressing 

app quality”. Osofsky on 71: “Sam, Sena, and I had a good discussion about app quality 
yesterday. While we’ve begun to address the most significant competitive issues (e.g., 
Wechat), we’re making less progress on (1) apps that reproduce core functionality (e.g., 
Mycalendar) and (2) apps that read lots of data with little reciprocal value exchange. I 
think the challenge with these latter categories is that no individual case is compelling 
enough to address. However, collectively, these apps present a real cost. They’re misaligned 
with our emerging overall direction, send the wrong signal to the next generation of devs 
and investors, and are a drain on our xfn team as we deal with them as one-offs.... In the 
next few days, I will setup a quick 1:1 with each of you to get your input and align on a 
clear recommendation of how to move forward. I’m more focused on a pragmatic 
approach that pushes us in a direction that we all know feelsright (e.g., eliminate the 
category of Mycalendar apps and apps which leach FB data) rather than developing a 
perfect philosophical framework. There are a few options (which are not mutually 
exclusive): Policy. Update our policy to (1) restrict apps from reproducing core 
functionality and (2) emphasize reciprocity. We would then enforce against the Singly and 
Mycalendar app categories. Alternatively, we could more rigorously enforce the threshold 
of when devs need to have a deal with us. However, if we go the policy route, I’d prefer to 
explicitly signal our intentions than enforce an ambiguous policy. Ops reviews. Implement 
more stringent ops reviews and prevent apps from launching in categories where we’re not 
comfortable (e.g. reproduce core functionality). Essentially, this would make our app 
review process look more like Apple. Remove friend APIs. This is the most scalable 
solution, but likely requires a meaningful product give (e.g. better friend invite flows) to 
make it palatable to developers. Distribution channels. Restrict the distribution channels 
which enable spammy apps to grow. Do nothing. I think that the status quo is worse than 
any of the above options. These issues will only getmore painsul as thenext set of devs raises 
VC to build on our platform, and we’ll continue to spend internal cycles.” ALL THE 
PS12N CHANGES BUT WHERE IS THE DISCUSSION OF USER TRUST, CONTROL, 
PRIVACY. On 71, Purdy suggests getting everyone in a room. “I personally want to get the 





duplicative policy in place now and use it as the mechanism to implement harder reviews. 
BTW: I met with Singly yesterday. I don’t think we are all calibrated on them as they are 
decidedly in the helping us rather than hurting us camp.” On 70, Vernal: “I think Mark’s 
comfort with us not implementing Platform 3.0 in HI is because he’d much rather us focus 
on moving core metrics that create value than worrying about being defensive / in clean-up 
mode.... The vast majority of our time (80%+) should be spent on getting data or money 
from developers.... On the flip side, changing rules, deprecating stuff, etc. has very real 
cost - partnership cost, ecosystem cost, PR cost, eng cost, etc. That cost also tends to be 
very thrashy (things will get escalated to Mark, and we’ll end up spending our time with 
Mark talking about low-leverage things in the past rather than high-leverage things for the 
future).... My feedback below is about going back to folks that have already launched and 
creating thrash. E.g., if we make Canvas “Games only,” we’re going to either kill Causes or 
make an exception, they’re going to escalate to Mark, and we’re going to spend 30-60 
minutes talking about this with Mark instead of talking about how to maximize data 
acquisition or maximize revenue acquisition.” 

FB-01368882 - Jan 14, 2013 Vernal mteam Open Graph HPM “We made the decision this week 
to prevent Messenger apps (notably WeChat) from using our advertising products. This will hit 
Neko revenue, but we still had 50% w/w growth if you shut-off WeChat. On 88, shows Neko 
deck with CPIs for top partners. Plus500 has the highest at around $19 CPI. Instagram, Candy 
Crush lowest at ~$0.50 CPI. Nike at around $3.00 CPI. 


FB-01368909 - Nov 29, 2012 Boz email “structural concerns” regarding ad priorities and future 
of neko. 


01368932 - Nov 26, 2012 meeting Purdy, Vernal, Lessin, deck being circulated OG 2013 
Plan. On 41, Goals. Launch the new platform business model (Platform 3.0). Complete the 
transition from desktop to mobile. Become the leader in mobile app advertising.” On 46, 
Platform 3.0. “Deprecate/Restrict existing APIs to support new business model.” On 53, 
discuss user NSAT goal to increase platform trust from 25 to 40. Have user story baked in here. 
On 67, shows number of 30-day active developers at 117k, native mobile developers at 27k and 
mobile web developers at 33k. 


FB-01369059 - Nov 8, 2012 Osofsky, Vernal, Purdy, Rose, Lessin, Heaton. “Deck”. FB- 
01369062 deck, first page shows current state of platform business model with friends graph and 
friends data accessible through basic read api. 63, “key questions, level set on how developers 
‘read’ data today. Analyze approaches to capture value: cost plus, price per data fielc 
price per user, rev share after user connects, custom bd deals, loss leader.” IF PRIVAC 1 
WERE THE ISSUE, WHY WOULD YOU BE CONSIDERING SCENARIOS WHERE 
DEVS PAY FOR THE DATA THAT VIOLATES PRIVACY? On 64, it says “highlight 
mark’s row and charging per field row and loss leader” - which one was Mark’s row? 65 shows 
daily “get” api calls. User friends is one of top calls. 66 tries to quantify the value of graph data 
charging on a cpm/cpc basis for ads. 69, non-game developers struggle to quantify the value. 
Shows iphoto, Netflix, pinterest, windows, yahoo, dropbox, viddy, Spotify, bin g, g uardian. 70 
“Capturing the value: potential approaches (not mutually exclusive). Cost Plus, Price per 


















data field, Price per user, Rev share after a user connects, Custom BD deals, “Loss leader”' 
OG and login drives ads and payments.” Then gives low/medium/high estiamtes for 


revenue potential, impact on # devs, alignment with developer monetization, scalability, pr 
risk, non-canvas is standalone P&L. describes custom bd deals as “impacts few devs, but 
creates perception that rules can change” and PR Risk is medium. On 71, creates a 
strawman proposal that removes friends’ data noting “big potential privacy win”. Friend 
graph charging “friend finding is primary, differentiated value for apps, also primary 
strategic risk for us, scales as app grows, scales for more valuable users. User ext. info “not 
that strategically risky: competitor policy and data reciprocity requirement help hedge 
strategic threat. Policy changes: define competitive networks + require they have a deal 
with us, regardless of size. Maintain size-based thresholds for all other developers to force 
business deals. Require data reciprocity for user extended info to ensure we have richest 
identity.” On 74, lists the types of read data, the category, whether there is an alternative 
source of data for developers, and the type of developer which values it the most. “Friends, 
friends graph, mobile contacts, competitors”. “Friends photos, friends ext-info, n/a/, 
competitors”. On 75, describes “BD deal framework. Data reciprocity (e.g. Twitter, Path), 
Payments (e.g. Spotify), Ad Network (e.g. Pandora). Product Integration (e.g. Dropbox). 
Growth (e.g. Skype). Advertise.” Potential deal type mapping. Photo/Social needs data 
reciprocity, other categories like games, online video, music, commerce must agree to deals 
with FB’s ad networks, payments products. 77 shows platform P&L with Neko Ad revenue at 
$250M 18mo run rate. 79, “Proposed API changes”. “Friend Graph - App-User Graph, 
Non-App-User Graph, Restrict to app-user-friend graph only. Friends’ basic info, friends’ 
contact info, friends’ extended info “remove access”. Stream API “remove access”.On 81, 
“Proposed policy changes”. Require competitive networks, regardless of size, to have a 
deal. Potential approach. “Competing social networks, apps and other services: (a) You may 
not use Facebook Platform to export user data into a competing social network, app or 
other service without our permission; (b) Apps may not integrate, link to, promote, 
distribute, or redirect to any app on any other competing social network, app or other 
service.” Maintain size-based restrictions (though possibly adjust thresholds. Require data 
reciprocity. Charge f or APIs with offset based on ad spend, participation in ad network, o r 
using FB pavments.” 



182, “Proposed Changes. Remove access to non- 
TOS’d friends in friend list, friend profile data. Replace with Paid Invites , Premium 
Recommendations API.” On 83, “Remove Non-TO Sd Friends. IMPACT, s 

growl It ch;iiiiid used by 25% of aS! Face bool, a pp| Eliminates custom friend selector 
essential to many larger games. Will drive more mobile apps to use the address book 
instead of Faceb ook. MITIGATION STRATEGY. Larger apps on Facebook cou ld use paid 
invites instead.” 



Top ten were Farmville, Chefville, Cityville, Castleville, Skype, 
Spotify, Xobni, Texas Holdem, Hidden Chronicles. 85, “Remove Friend Profile Data. 
IMPACT. Eliminates ability to generate custom recommendations and ‘friend stats’. 














MITIGATION STRATEGY. Recommendations API could provide better data anyway fo r 
common cases. |"~ 

On 86, top ten apps requesting friend permissions, | _ 

"] Top apps are Yahoo Trip 
Advisor Wish Skype Microsoft Birthdays, Samsung, Glassdoor. 87, lists 20 more top apps 
calling friends list. 


FB-01369146 - Sept 17, 2012 Purdy note to Vernal Lessin Jolley Federov Rose Osofsky. “We 
reviewed the attached presentation and model with Zuck today. We decided to implement three 
different aspects of a paid developer program: 1. A yearly per app fee to make an app available 
to users.... 2.Enable device integrators to implement a FB replacement experience for free as 
long as they are as efficient as our mobile apps (any CPU costs above this must be paid for by 
the integrator). 3. Enable app developers to build a personalized, social experience for free as 
long as they are efficient with their API calls.” Goal is to acclimate developers to paying for 
platform, align economic inventives with developers, create a barrier for spammy/malicious 
developers. “We are hyper-sensitive about how this program will be viewed by developers, so 
couching this as: 1. Value-add (EAP, paid support, more professional platform) 2. Non¬ 
impacting for most devs (many devs will only pay the yearly) is going to be important.” Hope is 
to announce program in Jan and roll out in Feb. Zuck decided on paid developer program and 
then reneged. What happened between Sept and Nov? 


01369295 - Aug 20 2012 Osofsky Lessin Boland Purdy Vernal discussion “CRM (Experian 
deck) and Platform data”. On 98, Trainer to Lessin cc Hendrix: “Tl;dr - our policies say that 
Platform data can only be used “to improve the application experience” but we don’t 
a good definition of what the boundaries on “application experience” are.” THIS IS T1 


PROBLEM THEY OVER-ROTATED SOLVING. Key examples are using social data in 
emails to app users and using social data in offline activities. Lessin says the right people to “iron 
it out are probably me + doug purdy + vernal + Justin osofsky.. .let me take it as an action item 
to follow up on this”. 97, Hendrix notes that policy II.6 already prohibits Experian from 
accessing any Platfonn data because they are a data broker. They just aren’t enforcing the policy. 
Trainer shares salesforce asks on 96 and Lessin responds that what Salesforce is asking for us 
exactly wat they “need to make sure we are NOT enabling others to do via platform.” On 95 
Osofsky agrees to tighten policies and enforce aggressively. 


FB-01369317 - Lessin Aug 14, 2012 email slides for board w Rose Purdy Vernal Rait Ebersman. 
More complete version of prior same board deck above. On 18 slides start, on 28 shows that 
“Read API Usage Has More Than Doubled. There were 11.6B read calls on 5/1/2011, and 26.6B 
on 8/1/2012 (+129%). -80% of the increase in read calls can be attributed to 60 apps. 29% of 
this increase was driven by non-game, non-OEM-style apps with questionable willingness to pay 
for API usage (Zperia, eBuddy, Pixable, ICQ Feeds, Swaylo, Klout. On 29, Read calls account 
for 84% of total API calls. Categorizes read APIs and friends is a significant chu nk in the pie. On 
30, shows apps calling read APIs at disproportionately high rate and calls out Path. 


FB-01370577 - Facebook Home deck March 29, 2013 “Welcome to Facebook Home a whole 
new experience on your phone that puts your friends first” Another deck at FB-01370607 - On 
67, software, not hardware or OS. On 68, phones designed around people not apps 











FB-01370615 - “active conversations with our major partners” analogizes all major partner 
discussions to different international sovereign nation discussions. Apple like China, need to play 
by their standards, innovate on Android and Apple will need FB to keep up. Samsung and FB 
need to protect their island against Google. Microsoft like US negotiating with UK after 
revolutionary war. “WTF we made you” 


FB-01370641 - March 15, 2013 industry update. 42, Onavo comparison of FB Instagram 
Twitter FB Messenger Snapchat Pinterest WhatsApp Foursquare Google+ Vine. 43 
compares engagement shows Instagram foursquare twitter facebook snapchat wahtsapp 
pinterest fb messenger ranked from highest to lowest engagement. 

FB-01370646 - Facebook Platfonn March 15, 2013 presentation. 48, HI Areas of Investment. 
User Trust. Make it safe to use Facebook-enabled apps. 51, Unified App Review. 55, Ads. Goal: 
Help developers become successful advertisers. Key Metric: Revenue. 56, Install Ads, Re- 
Engagement Ads, Buying & Measurement, Sell, sell, sell. 

FB-01370668 - Public Content Partnerships. 69, “We are losing mindshare with broadcasters. 

We are losing an advertising medium to Twitter.We’re not the tactic that people use in their 

TV spots.” Rest of deck analyzes Twitter and describes strategy to use Instagram to copy it. 


FB-01370689 - Jan 27, 2013 Vernal tells Lessin “I got this” responding to Matt Mahan’s email 
about causes going under. 


S B- 01 3796^ - Jan 14, 2013 email Hoffman Vernal Osofsky MZ Olivan Sandberg Rose Stretch 
Schrage Schroepfer Ullyot Ondrejka Lessin. 01, Aug 17, 2012 Hoffman emails Fischer about 
Twitter wanting to run neko ads, noting that FB agreed a year ago that it would accept ads from 
Twitter, “but just want to make sure our thoughts about them as competitor haven’t changed in 
the meantime”. Fischer says they need to have a larger conversation about other competitors and 
that his take is to allow them because otherwise FB can’t have the best ad network but “this 
needs debate and to go up to Mark. Can you frame the broader decision set we need to consider 
for Elliot and me and we can then take to Sheryl and Mark?” 00, Hoffman describes three 
options: 1. Restrict lots of apps in social network, photo sharing, messaging, local, social search, 
platforms 2. Continue to prohibit only google. 3. Allow google and let all competitors use app 
install ads. Hoffman recommends 2 or 3. 99, Badros says he would be ok with not doing an 
explicit block if they incorporated the “competitive cost” into the price they charged companies 
like twitter, etc. otherwise they should block all actually competitive apps. He puts “a/c 
privileged” at the top of the email. 98, Sandberg “I would block Google. Mark?” MZ “I wouldn’t 
allow G+, but the rest are probably fine” Sandberg: “Making sure we are getting this right: no 
G+. other google properties? Price higher for the entire competitive list, correct?” MZ “Yup, for 
now. We can always change later if the market develops so our comp etitors are a smaller part.” 
Sandberg: “Yes or no to other google properties?” MZ “yes for now”B } fr-xher: "i continue 




96, Vernal: “I also agree. I also think 
we should be more aggressive about using house ads with our own products, to both 
promote those apps but also to dogfood our own ad system.” Rose adds Olivan “(+Javi) if 
we don’t block WeChat / Kakao / Line, should we reconsider our decision to block G+? 
Also, the thread below suggests we would increase the price for competitors. If we don’t 
block them, should we at least charge a premium to account for the cost to us of their 



follows up on MZ prior decision to restrict Google properties on neko but not others. Hoffman 

on 90: “However, given the changing competitive landscape, we’ve been asked to revisit 


I 


whether we should extend this restriction to messenger apps... On the Platform side, we’r 
restricting access to friends.get for all messenger apps so that they’re not using our data to 
compete with us. If we decide to begin rejecting ads for messenger apps, we have a couple 
of options (I recommend the 2 nd ): Reject ads for WeChat and a specific list of competitors. 
This is “surgical” but the list is difficult to maintain as new products/companies become 
successful and it’s difficult to explain. Rejects ads for all messenger apps. This would 
potentially affect more advertisers, but it is easier to consistently enforce and explain, 
especially since it mirrors the Platform policy. In both scenarios, we’d still allow Wechat 
and oth er messenger apps to have a Page, but they could not advertise or access the frie nds 



FB-01370710 - Olivan redacted version - no basis for withholding. 

FB-01370727 - Dec 16, 2012 Purdy Vernal Lessin. Preparing deck for MZ discussion, shows 
Lessin communicated with MZ directly, Vernal and Purdy working for Lessin. 



i !v-0 1 370S.J - Sept 17, 2012 Purdy Vernal Lessin Jolley Federov “Materials for today. I made 
some updates. Feedback still welcomed, but this is the final draft.” FB-01370824 - OG Business 
Model Access/Read. 25, Platform Costs. Managing the third party developer platform costs 
Facebook $220M per year. 26, Revenue models assume drop off of 89% in total apps to 30k 
yields $3M up to 43% drop off to 160k apps yields $16M. 29 models api access costs and 
revenues. 31, Partner Impact. Spotify $1,544,784. Netflix $56,491. Yahoo! $75,309 Flipboard 
$599,963. Path $56,134. Edmunds.com $100. Threadless $214. 33, Start to brief partners in 
October, Announce program in January, Roll-out program in February. |S, INcr API Issues. No 








137, revenue impact for paid api programs. 
Registration only, registration + Personalization, Registration personalization + Acqui 
APIs, FB Replacement APIs. 
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talk about three-year-plan stuff, and one of the discussions we’re going to have is around 
the Open Graph business model.” Sam at burning man and they dropped the ball on the 
deck and want Purdy to do it. Vernal wants to cover Read and Write APIs (free versus 
premium). “For read stuff, I think the basic framing was: We move all IDs from UIDs to 
per-app/hashed IDs in the system. You can always bring your data to an app (your 
statuses, your photos, your events, etc.). You can bring your friends tha t are also using the 
app to the app; ideally you can’t bring non-app-user friends to the app [~ 



The CRM stuff I think is the idea that others can also 
write this data into the system and attach a charge for other people to use this data.” CRM 
is Sam’s thing. Purdy confir ms he is working on it. 41-43, Lessin shares his notes from 
Friday on Aug 30, 2012: “(A) 



| There is a ‘write’ side, whereby businesses can get 
permission to write to the graph on behalf of users. There is a ‘read’ side, whereby 
businesses can get permission to read from the graph on behalf of users. On the ‘write’ 
side: The value proposition: you can write to our system both messages on behalf of users 
(think explicit posts and timeline boxes), and messages on your own behalf (think page 
posts) to drive growth and re-engagement. We give you a natural amount of distribution 
for free / to make our user experience best, and we charge for everything else. Applications 
can write whatever they want to the graph on behalf of users (with the user’s permission in 
most cases). Distribution: All content written by applications gets the natural amount of 
newsfeed distribution based on the NF algorithms for maximizing engagement & user 
happiness. Any /All applications can pay to up-rank themselves in feed if they want more 
traffic. Any /All applications can pay to get into premium channels (invites, inbox, etc)... On 
the ‘read’ side: The value proposition: you can read from our system. Users can always 
give you the information they h ave given us directly in order to help you customize your 
service / provide better service. 



| Applications can use Facebook for ‘login’ to allow users of their application to not 
need to remember another password, etc. User-Data. Applications can request a user give 
them their data in order to provide the user with a more custom experience (NB: the user’s 
data is explicitly the data which the user hs entered themselves into Facebook - e.g. Name, 
profile photo, hometown, etc - It is not tagged content, etc.). This effectively resolves to an 



(probable location, account trust score, account age, etc.) (Data provided by third parties - 
information which third parties have contributed to the graph on behalf of a user). We allow a 
limited number of calls for free to Any / All applications for this data (and always free calls for 
the admins of the app). We charge everyone on a per-call basis for this information. We have 
a standard rate card, but require a deal and price based on understanding of / commitment of 



Extending the platform to make it more valuable for engagement by anonymous writes and 
targeting. The question here is what is the full opportunity / how big a deal or valuable is it 
for these functions to exist [skipped most of B on targeting users in paid invites].(C) 



and rather than do it himself he’ll just send Lessin the deck. 

FB-01370849 - Aug 20, 2012 Purdy Boland Osofsky Lessin Vernal “CRM (Experian deck) and 
Platform data”. 49, Boland notes that he met with Hendrix who is looking for “guidance form us 
(specifically Sam who has designated the three of us).” Three of us being Purdy, Osofsky and 
Boland it seems. Boland: “but I worry right now that we don’t have anyone really responsible for 
and is driving how we should thi nk about data in / data out of FB. 

FB-01370875 - July 2012 email discussion between Vernal, Lessin, MZ and Rait regarding 
future of OG, still seems like devs get friends list. 83, MZ, “With IP, you only need to prompt for 
intentional write perms or optionally for profile box addition and thus skip the read step listed at 
the top (you also will likely need to prompt for things like email or at the very least nonstandard 
user data/any data from friends).” NOT REMOVING FRIENDS IN JULY 2012? Vernal on 78: 
“We need to end the year with the sense that if we removed OG, users would be really 
unhappy.... I think the best way to do this is to focus on OG as a product that helps users fill-out 



their Timelines. We need to create the sense that your profile is empty, and that adding helps to 
fill out your profile.... I thi nk one of the failings of OG has been that we’ve tried to be too 
generic - we tried to create a developer product with generic concepts like List views, and Table 
views, and Grid views.. .but what we ended up with was a dry way to view activity but not 
something with a real emotional hook... .As a concrete example, I took the time to import 5+ 
years of running history into endomundo. That’s 600+ runs. That box/tab could be amazing, but 

it looks like crap because the tools to visualize that tab are too generic.To fix this, I thi nk we 

should.. .pick ~8 verticals where we build a great experience that are top-level nav items, but 
also allow third-party apps to show up there.” On 75, Vernal then reads and reacts to Lessin’s 
“impressive tome” and Vernal and Sam disagree on being collection-centric vs app-centric. 
Vernal wants to be app-centric, Lessin collection-centric. They agree to come up with a plan to 
present to MZ. FB-01370902 - Lessin diagram. 


-01370903 - Lessin tome from June 2012. 03-04, Lessin notes that FB does not own the 
information layer but is like a Gringotts from Harry Potter “the safest place to store anything you 
want to keep safe”. Defines IL, AL, Claims, Agents, Publisher, etc. 05, “Facebook Platform 
Business: Our Infrastructure and Market Making Business”. 06, “except foursquare” can’t 
export check-in to foursquare - is that because foursquare is the app or because it’s a competitive 
app and it’s a check-in on FB? “User uses a service called Pinterest which makesit easy for the 
user to make certain type of Claims about themselves (things they like (Pins), people whose taste 
they like (Follows), etc.). The user wants to publish those claims to Facebook to express 
themselves (see reasons for checkin), and Pinterest wants to publish to Facebook because as a 
business they want economic gain. For Pinterest as a business this economic gain takes the 
form of Distributin (which they hope resolved down to cheap user acquisition, and 
eventually monetization). Monetiation directly (they are collecting valuable information 
about their userswhich they hope to monetize), and in an ideal world use (users like 
Facebook-IL and Facebook-DL so much they will not use Pinterest unless it publishes back 
to Facebook). Pinterest holds an agreement / terms with their Users in keeping with any 
regulations ot which they are a party which allow them to publish to Facebook-IL on their 
behalf with certain rights withheld. Critically, as part of the agreement Pinterest publishes 
information to Facebook impersonating their users (with their Users as the ‘Author’ of 
each claim). Because valid authorship is critical to the integrity of the graph, Facebook-IL 
requires the Pinterest User to confirm via FB directly the permission for Pinterest to 
publish a Claim in their voice to an Audience greater than Pinterest + the User via GDP. 
Then, based on Pinterest’s terms of service Pinterest grants the User (Agent) permission to 
modify the Audience of the claims Pinterest is writing on their behalf, remove any claim 
they wish, etc. Pinterest itself withholds the ability for certain specific competitive 
companies to use the Claims they have written to target offers to the use (and the right to 
update that list), and Pinterest establishes a fee-per-clickthrough (or impression) whenever 
a Claim that Pinterest has written is used to target the User with an advertisement that the 
User finds appealing.” 07, “Audience is not allowed to export to other applications”. 
Lessin’s plan contemplates removal of friend list, reciprocity, charging for premium read 
data, etc. 13 - “5) There are a limited set of terms / rights which we reject / do not allow & 
terms which we force. ** We will never allow the use of some terms.. .the clearest is probably 
ny term that precludes Facebook-Apps from the right to run queries over all data to 
roduce derivative claims, so long as we destroy our claims if the underlying data is 


I 










removed. This creates a healthy tension with our developers so long as we are OK with 
allowing them to remove data at will (at a cost to our users, but hopefully in a manageable 
way /a. way that we can put blame on the app and not on us), where they can’t prevent us 
from making derivative claims, but if we do things which harm them too much (build 
averting clusters to avoid paying them fees they think they are due, etc. they can drop out 
of our system). Phrased differently, publishers must grant us the right to aggregate 
information to (1) present it to our users (2) provide targeting capabilities to Agents in the 
system. A secondary right which fits in this category is the right to notify / update Agents in 
our system of any change in the terms which govern claims in which they are referenced 
and where they are part of the Audience. All this said, we should use this ability extremely 
sparingly. The more we require things of Publishers, the smaller the share of voice we will be 
able to represent in our system.” June 2012 Lessin describes reciprocity without the term. The 
“secondary right” says FB can screw over developers whenever they want. 

FB-01371426 - WhatsApp acquisition announcement Feb 2014, 36 is another announcement 
with more detail on price, 48, 56, 69, 75 all different bank reports on deal. Some say it’s a 
surprise, lofty valuation, unclear financial sense 52 etc. 

FB-01372791 - Payments 3.0 Strategy, 813 PayPal - Considerations “Letting PayPal use login 
could accelerate data and usage, but with risks. We hope to partner, but will tread carefully.” 

FB-01373003 - “PLATFORM” deck. 08, HI Post-Mortem “Social reading cost us in terms of 
user trust/perception. Need compelling experiences for users to trust/wants their data in OG.” 11, 
move from desktop to mobile, launch neko. 

FB-01373037 - June 25, 2012 message btw Lessin Osofsky Vernal Rose Daniels Purdy and 
others. Osofsky says meeting with Morin and Van Horn at Path and will propose a total 
reciprocity deal and if Path doesn’t agree will restrict friends data. Yao wants to make sure “we 
get them on the list. We will restrict user/friends as well as email info if they don’t agree.” 
Vernal: “I think we should frame this as much as possible as a product experience thing and not 
as “all your data are belong to us””. 




WINNERS IN DATING APP SPACE. 


FB-01373081 - Liu Jan 26, 2015 Platform HPM. “Due to increased developer outreach 
over the past 2 weeks, the Login Review submissions metric has seen strong uplift. 

Recently, we sent 16k Dev Alerts and 36k emails to apps that need to go through Login 
Review. While this is still early, it’s a promising sign that we’ve found a good tactic for 
reaching developers that need to take action before Old Login and Graph API 2.0 are 
deprecated on 4/30/2015.” THIS IS THE NOTICE BATCH THAT 643 WAS PART OF. 

FB-01373218 - Feb 2014 Nick Kucharski SEV Review Agenda. 22, users unable to share 
youtube videos because “YouTube is included in a sitevar that prevents them from seeing any 
unTOSed users. We fixed it with a sitevar flip but Vlad did not want that sitevar to remain in that 
state for longer than a few hours as it exposes us to YouTube scraping the API. So we decided to 
hotfix a solution (using an app ID of 0 in dialogs only).” 

FB-01373260 - Randall Feb 21, 2014 “Continuing work on an exclusive with the New York 
Times re: Login v4.” Randall also says that a Re/code article showing that Twitter can’t be the 
next major Platform for apps because FB has so much more scale than Twitter is a must read. 

FB-01373306 - Jonny Thaw Oct 2013 email with a Fast Company article on Facebook’s App 
Strategy and hits and misses, http://www.fastcompany.com/3018604/facebooks-app-strategy 



FB-01373376 - May 2013 Weekly Platform Monetization HPM: Mobile app Install Ads. Neko 
update. 

FB-01373378 - May 2013 Thaw email on Platfonn Weekly News. and Mike briefed 



| KNEW AS OF 

MAY 2013 AND TELLING REPORTERS ABOUT IT BUT DID NOT TELL PUBLIC OR 
643. 


FB-01373479 - Liu March 2013 Weekly Platform Monetization HPM. “Neko hits $1M a day for 
first time on Thursday thanks to Zynga’s major Mobile Target Block buy!” FB-01373500 - 
attachment to Liu update. “Mobile app install ads” deck. 01, “Mobile App Installs. Advertisers: 
Be the single best source of quality installs at scale. Users: Provide an easy to discover apps that 
is sentiment-neutral.” 05, goal is to have Neko at a $1B+ run rate by 2014, which would give FB 
$1B out of the $3.5B mobile app install market. 07, examples of Neko design over time showing 
Word With Friends ads from June 2012 to Feb 2013. 11, “Opportunity to grow with top 
mobile developers. 250 top developers with Platform Partnership relationship do not have 
a Sales contact.” This is because they grow organically through Platform. 36, financial 
services oppty w example company partners Amex Citi Wells Fargo. 37, eComm/retail oppty 
with Wal-Mart Target Best Buy Macy’s. 38, Travel w/ TripAdvisor Expedia Southwest. 

FB-01373543 Swain March 2013 Platform Weekly News. “We worked with Libby Leffler to 
advance our platform for social good narrative and to announce the release of new best 
practices for non-profits.” Notes WSJ article by Evelyn Rush “Tensions Rise Between Facebook, 
Developers” and “The story is balanced by quotes from Doug, as well as developers like Kixeye 
who have experienced success on Platform. The story was reposted on AllThingsD and saw 
some limited additional pickup from Business Insider, among a few others.” MessageMe 
announced they had reached 1M users since launch and notes “MessageMe being partially 
disabled due to a violation of Platform policies.” Zynga article about separating more from FB. 
44, Mashable article on non-profits and FB http://mashable.com/2013/Q3/21/facebook-non- 
profits . FB Strategic Partner manager Libby Leffler: “Being agnostic means anybody can build 
on our platform. The main thing to think about when we meet with non-profits is that everyone 
has a different motion and an individual approach. Each of these organizations is going to go 
about achieving that mission in a different way on Lacebook.” 

FB-01373795 - Liu Weekly Platfonn Monetization HPM Jan 20, 2013. Lor NEKO: “Revenue 
grew 50% and hit $725k this Friday - Neko is now 5% of total ads revenues and 20% of mobile 
ad revenue! Wechat and other competitive networks are no longer advertising on Neko based on 
policy. (Please contact me if you have any questions).” 

FB-01373862 - Oct 9 2013 Hendrix email Platform Policy Rewrite. “The Platform Policies will 
be updated when we announce PS12N.” 




FB-01377843 - The Street, “Mobile Makes Facebook Hot Again” Jan 2013 Dana Blakenhom. In 
the last months FB has become a hot company again and now being talked about along with 
Google Amazon Apple. The Facebook comeback is based on one word: “mobile”. 

FB-01377992 - Jan 2013 certain FB execs start transferring their stock into shares that could be 
sold more easily. 

FB-01378838 - Dec 12 2012 Must Read Articles about Facebook’s new privacy changes at end 
of 2012, Privacy Shortcuts, Loss of user control over who can search for you on timeline. FB 
floats the user trust and control message in Lessin interview. Isaac writes: “And this, my friends, 
is the point. If we can feel at ease and in control of what we’re sharing and with whom, there’s 
less need for the Paths, the Google+’s, even the Twitters of the world.” 39, NYT article on same. 
“Stop me if you’ve heard this one before: Facebook is making changes to its privacy settings.... 
The company is eliminating the ability for people to hide themselves on Facebook’s search, a 
control that until now, has existed in the privacy settings on the company’s Web site.” 

FB-01379322 - Nov 30 2012 “Facebook and Zynga to End Close Relationship” BBC News. 
“Facebook and Zynga have amended an agreement that gave the games developer strong access 
to the social network’s one billion users.... It is the latest blow for the company, which last 
month announced job cuts and studio closures.” 

FB-01381966 - Oct 2012 article “Facebook: The Making of 1 Billion Users” Bloomberg 
Businessweek by Ashlee Vance.” 71, “We are trying to map out the graph of everything in the 
world and how it relates to each other,” says Michael Vernal, one of the company’s top 
engineers. The goal, he says, is to record every book, film, and song a person has ever consumed, 
then build a psectactular model of other things that person could enjoy. Take that vision to its 
logical end: You show up in a strange city and Facebook tells you what bar to go to. When you 
get there the bartender has your favorite drink waiting, and you’re able to look around the room 
and see if anyone there went to your college or likes the San Francisco Giants. You may find this 
kind of universal social mapping exciting, or creepy. Zuckerberg describes it as inevitable. “At 
some point,” he says, “that will start to be a better map of how you navigate the Web than the 
traditional link structure.” By “traditional link structure,” he clearly means the basis of Google 
searches.... Zuckerberg’s embrace of mobile will strike some shareholderas as late in coming. In 
February, Facebook disclosed in an SI regulatory filing that mobile usage didn’t generate 
meaningful revenue.” 

FB-01382308 - Oct 1, 2012 Must Reads. 9-10, CNBC Exclusive: Sandberg Speaks with Julia 
Boorstin Today on CNBC. Sandberg: “As Mark said, we’re obviously disappointed and really 
surprised by what happened in the IPO. This was certainly not how we planned it. The good 
news for us is that we’re a really focused, product driven company. And so we’re taking that 
energy and really focusing on proving to the world that we can continue to grow our 
business....” 11, Sandberg: “Mobile is obviously a huge strength for the company and a huge 
opportunity. We have a big mobile network, both in terms of our users, over 500 million. But 
also in terms of the other apps and sites that are enabled with Facebook. We haver over 9 million 
across mobile and desktop in the world.” 



FB-01388104 - Sept 19 2013 Lessin to MZ “here are the high level points of discussion re: 
approaching accelerating contacts.... Build vl ‘people Tab in iOS and Android as part of main 
app (Android First?)... ‘highlights’ to surface people who are ‘most interesting’ to viewer 
interact with now”. Get feature parity on ‘people’ tabs with competitive contacts/dialer apps 

(and push advantage with info requests)... PYMK TO HELP BUILD CONTACT 


EXPERIENCE, GET RID OF COMPETITORS BY PUSHING FACEBOOK’S 
ADVANTAGE IN ALREADY HAVING ALL USER INFO. 05, “I am still going to look for 
acquisitions... I keep working ‘refresh’ but they are unlikely at this point (and all the more 
so since platform 3.0 is delayed another 6 months). If we choose to accelerate, am going to 
basically personally PM this. I think it will be fun / enjoyable, and impactful for me to do it 
personally if we decide to really go for it.” 


3881 | 11, Sept 12 2013 Chris Miller email 

to MZ Sandberg Olivan Wehner Lessin Bosworth Osofsky numerous others “Early Bird 
Special 2013-09-12 - noteworthy apps and trends”. “The apps highlighted this week have 
shown the ability to gain users with interesting use cases including: making your FB 
contacts phone contacts (Sync.me), using FB to enhance in-store commerce offers 
(Cartwheel by Target), offering users a passive recruiting solution (Silp), offering a 
freemium video editing solution (Magisto), Dating, photo editing, an d Twitch TV, a g aming 
video network all continue to be strong, consistent performers.” 12, 


https://tableau.thefacebook.com/views/Corp Dev Dashv6/FBenabled-Leaderboard 


The 


applications highlighted this week have features that Facebook is currently investigating or 
pursuing. These apps have already exemplified the ability to perform well within these 
spaces, having consistently growing user bases. Sync.me is a contacts organizer that maps 
Facebook data to phone contacts and automatically refreshes data as Facebook users 
update their information or even status updates. This is a good example of how Facebook 
could help users get more utility out of their phones or make additional inroads in the 
messaging space.” 10, Daniels: “Platform 3.0 friends API restriction is going to severely 
limit the functionality of this app. I believe that it could be undoing all of the good work we 
have done to limit the amount of data that gets from FB to the contacts list (at least in my 
test in iOS). This is really bad. Javi’s team should look into this. If we remain passionate 
about owning a contacts app, they seem to have the momentum that we should be 
evaluating them. 09-10, Benton Williams provides background data on Sync.me. “It would 
be very interesting to see Onavo data on engagement.... Time spent would be more 
instructive and I think should be available via Onavo.” Notes that company is based in 
Israel and has raised “$4M(!)”, team of 9 total 7 engi neers of medium strength. 09, R ose 
asks “Sam -1 assume this is on your radar?” Lessin: 



FB-01388363 “Contacts & the path forward with the friend graph..94, automatic contacts 


concept is most promising. 96, general consensus that tracking people and pages to 
automatically drive contacts is good. Should be able to remove from automatic list, list should be 
informed by contact importing and a broad array of interactions around FB but shouldn’t be fully 
magical (we should be able to describe to an interested & intelligent user the set of actions that 













lead to someone being a ‘contact’). 97, less consensus on the details. Do they hide contacts or 
show contacts, can users choose contacts, etc. 


FB-01389091 - ““Read” business model analysis. Platform “read” business model dsicussions 
have focused on (a) aligning economic incentives with OG apps and (b) addressing competitive 
concerns. Many “head” OG apps that arise in these business model discussions (e.g., S potify, 
Twitter, Pinterest) are already subject to additional terms under platform policies |'hkh 
c dnrf ; cofi>!sreml\ >5M MAU. >100M daily API calls. >50M daily impressions. 

Competing social networks. Summary of apps covered by policy thresholds. >5M MAU: -100 
total apps (-25 are notable OG apps). >100M daily API calls: -55 total apps. -5 OG apps (the 
remainder are FB native apps, experiences, which replicate FB on mobile, and canvas apps). A 
lower threshold of 10M daily API calls would include -65 OG apps, cinluding Branchout, 
iheartradio, etc. Competing social networks policy covers additional apps. Notable apps, such as 
Path and Twitter, also fall within the above thresholds. 92: Lists 32 “Apps within policy 
thresholds”. Lists Anivcrsariocs*, Astrology*, Bing, Birthdays*, Causes, Cumpleanos*, Daily 
Horoscope*, Daily Motion, eBuddy, Greetings, Instagram, Pandora, Path, PEdido de contato*, 
Photo Love*, Pinterest, Rockmelt, Rotten Tomatoes, Schoolfeed*, Scribd, Skype, Socialcam, 
Solicitud de contacto*, Spotify, Tripadvisor, Twitter, Yahoo, Yelp, Zoosk, 21 Questions*, 
4shared, 9GAG. “*Canvas apps which potentially substitute for engagement (per Javi’s 
comment). 93: “Daily API hits analysis”. 


| - looks like a Lessin deck on “Current state of platform. Two discrete 


businesses.... Canvas apps, 4.9k apps with >10k MAUs. Revenue $1B YTD, $119M costs, 
$914M profit. Mature and market dynamics have equalized value exchange. Non-canvas 
apps: Web + Mobile. 9.0k apps with >10k MAU. Revenue < $10M (all “developer ad 
spend”). Costs $75M. Profit -$65M. Immature and no clear value exchange.” 86 , “Facing a 
move to mobile...The shift to mobile impacts our platform business model. We don’t 
control key monetization avenues. We do not control payments. We lack ‘chrome’ for 
ads/etc. Developers have alternative sources for data & distribution. Notifications Channel. 
Contacts vs. Friends. Real Identity. The ‘Canvas’ model doesn’t translate. 87, Distribution: 
Apps ‘write’ to facebook. Value to developers: Users & Traffic (acquisition and re-engagement). 
Issues: Data so far not useful for targeting & face conflict with developers over ‘value’ of their 


data. Data: Apps ‘read’ from Facebook. Personalization and inviting friends. Value to Users: 
Better user experiences in apps.... Value Gaps / Issues: Currently unclear value to 
Facebok. No natural market dynamics, hard to correctly price. We are enabling 
competitors.” 88, Moving Forward.. .Ideas for discussion. Baseline housekeeping: Introduce an 


annual fee for developers: reduce spam and recover nominal costs. Charge developers for use of 
APIs (cost-recovery): increase effici ency, reduce expenses, recover nominal costs. Improve 
value exchange for Open Graph. A. 
























THIS IS THE SWITCH RIGHT HERE. REMOVE FRIENDS AND NEWSFEED. MAKE 


THEM PAY TO GET IT SO WE MAKE MORE $. 90, “We are delivering significant value 
to our non-canvas games developers.” $300M revenue run rate annually they are missing out on 
from Branchout, socialcam, soundcloud, flipboard, viddy, fab, pinterest, Spotify. 93, “Platform 
Monetization Alternatives. Charge Developers Annual Fee for Access - Benefits: Simple, Clear 
market precedent from Apple, screens for higher quality developers. Considerations: Small 
revenue opportunity. Bottom-Up Revenue Opportunity: $50M-$75M. Charge for Access to 
Facebook APIs - Benefits: Capture some value being created through the use of FB data by 
Mobile & Connect Apps. Premium API methods could expose/monetize new data previously 
available only to FB. Considerations: Charging for existing/free APIs could result in developer 


backlash. New API methods have unclear value to 3 ld parties. Data caching by 3 m parties cou ld 
limit monetization opportunity. Bottom-Up Revenue Opportunity: $10M-$80M. f 


>rd 



THIS IS WHAT THEY ENDED 


UP DOING. (NB Another version of this deck at FB-01389642 shows $17M bottom up 
revenue for charging developers access and S360M for distribution, which is VERY 
different from the $50-75 and S75-100M. Did they change these files after the fact?***) 94, 

“Application Fees by Platform Access. There are -167,000 apps that have over 100 MAU. 

These apps receive a number of benefits from us including: free distribution, free 
advertising in the App Center, and free usage of the Insights tool. The applications also cost 
Facebook for infrastructure, app review and user support. Opportunity of-$65M (applying 
a tiered charge method and excluding canvas games).” 95, “Charging Developers to Build: 

Which Apps Would Be Affected?” Lists apps that would be charged a $100k development and 
distribution fee: Causes, LivingSocial, Groupon, Glassdoor, Goodreads, Swaylo, 60photos, 
Socialcam, Flipboard, Skype, WaPo, Klout, Flixster, BranchOut, Tiwtter, Viddy, Gogobut, Hulu, 
Yahoo, Instagram, Microsoft, Bing, Scribd, Samsung, Pinterest, Yelp, Nokia, eBuddy, Pandora, 
HTC, Rotten Tomatoes, Terra, Zynga, Zperia, Myspace, iHeartRadio, foursquare, YouTube, 
Endomondo, Shazam, Huffpo, Draw Something, Scramble with Friends, etc etc etc. Lists apps 
that would be charged $ 10k development fee, Linkedln, Horoscope, Rockmelt, Nike, Etsy, 
Meetup, etc. 96 has apps that would be charged $ lk development fee ( Buzzf eed) and also 
separately a $250 development fee (Tosh.o). 97 J‘API Usage off of Canvas is growing. Daily 
API calls have grown from ~15Bn/day in early 2011 to ~30Bn/day currently. Share of read 
calls has grown from 78% to 86%. All of the growth in Apps making API calls has 
occurred off of Facebook canvas.” 99, “Read API Usage Has More Than Doubled.... 29% of 
this increase was driven by non-game, non-OEM-style apps with questionable willingness to 
















pay for API usage (Xperia, eBuddy, Pixable, ICQ Feeds, Swaylo, Klout, sources without an app 
ID). FB-01389486 - draft version of same deck showing title is 




96, describes charging for friend list API. “Apps already are using methods 


nad potentially reliant on them. Charging for previously free API methods potentially 
disruptive. Hard to police devs storing data on their servers.” 



spent a lot of the week on tactical TL as discussed.” TL = timeline (?). Meetings include Lessin, 
Zuckerberg, Boz, Paul Justin Felton. “(1) Developer incentives: why they aren’t publishing to 
OG, and how to get them to... Honestly, the more I dig in and thi nk about / talk to developers 
about the incentives around the OG, I just thi nk they are messed up / no one who is really smart 
is going to integrate with us given the current trade we offer... The world has changed, 
developers have more options then they did with the old platform, the sex/hype is with apple, and 
we need to provide a rational value model if we want developers to play I continue to think that 
the only way we will ever truly win is if end users demand that developers integrate with us, but 
I think we are more than a few tweaks away from that being the case - it isn’t just timeline 
improvements. We need to fix the economics of the platform at a pretty fundamental level. 
Some background: The best conversation I had this week that really infonned my thinking was 
with Diego Berdakin, who is the founder and CEO of Beachmint.... Which I thi nk is probably 
one of the best success stories right now on platform (they run a subscription jewelry service 
thatis growing like crazy as a canvas app, use FB advertising heavily and successfully, etc). The 
team has ab out 8 data-scientists / are all ex-FB game developers and think extremely analytic ally 
.iboul social.... Importantlv, while Hiev do publish 'like' data back to the graph and use 


To paraphrase, he explained that right now 


one of his most successful tactics was to take the data being published by other retails via OG, 
and to target with highly personalized / specific ads on FB just the people that were the best 
customers of these other retailers (really what they do is run this strategy on FB/google, cookie 
the users on a landing page, and then retarget them with cheaper ads everywhere else on the 
internet). The reason this is so much better than simply retargeting people that Tike’ other 

retailers is on the thesis that usually a tiny percentage of users dr ives the vast amount of _ 

spend/engagement (sadly which seems to be true even for us)... | a rye si uu wsrh ads Tikes' of 





solution / What to do now: I thi nk there is a short-term patch we should do, and a longer-term 
solution we should enac t. In the short term: Blacklist Competitors & bank on ‘distribution 9 
providing positive ROI. 



| - which 

would be nice, because right now based on how people think about the platfonn it is pretty 
unjustifiable. Hypothetically floating this concept with Diego, he told me that he would be 
willing to experiment with OG / figure out the value of the distribution if we did this. I don’t love 
trading distribution for data because we don’t know how to price it, and the problem with good 
small partners is eventually they grow up and don’t need you anymore... but I think we should 
do this now nonetheless. In the short term: more ‘plug-and-play 9 generic edges. Even with 
‘blacklists’ I think we are going to have a hard time getting all the A-l partners we want. The 
people who are already big or smart will not want to play with us. I think what we should do 
immediately is use the OG framework to enable the B and C players at low cost & zero technical 
overhead. The way to do this is not to ask them to build apps / integrate with COG - that is too 
sophisticated for them... I think the best strategy is to open up / provide a series of buttons a-la 
the like button, but for other verbs. I would start with the ‘want’ edge here, but also just release a 
wide set of verbs [own, love, like - or even a template for plugging in arbitrary verbs into a 
plugin model we are supporting] - with timeline we can already basically support basic arbitrary 
reports on verbs like this, which would make it pretty simple. In the longer term: Data 
Exchange - make developers money. The only solution is to basically run a platform where we 
pay people for their information....” 55, Lessin recommends starting developer fee program 
paying per api call. Wants to charge for is real, is trusted, FBID (“we say we don’t put this on 
the API because it is too expensive, but we know people want it - we should sell it”), email, 
coefficient (“you give us a user, we will tell you which of their friends is high coefficient... 
hugely valuable data we would never give away, but we absolutely should sell”). “FOF email 
checks.. .give us tow emails and we will tell you if they are FOFs.. .this would be hugely 
valuable, is not doable for privacy reasons for ‘Friends’, but I bet would be hyper valuable to 
developers (and I don’t really worry about enabling other services).” 58, discusses completing 
rolodex project as foundation for contact, address book, dia ler features. Says he is “pretty 
nervous about what we are doing here” with “Retargeting”. 




FB-01390158 - May 11, 2012 Lessin MZ Rait. MZ long note on Open Graph future starting on 
61 trying to get to how they can get users/devs to write to FB’s graph, getting to full reciprocity, 
62: “Open Graph is a complex system that touches many different constituents (producers, 
consumers and developers) and spans many different products (Timeline, News Feed, search, 
etc). Since it’s so complex, we’ve had a hard time getting a shared view of what we’re trying to 
do articulated. To produce a starting point for this, I’m taking some time to write out how I see 
the overall system, the main integration points and the challenges we face. To start, what we’re 
trying to do is unlock new ways for people to share content and activity with the people they care 
about. On Facebook today, for the most part people can only really blast out updates directly to 
their friends’ News Feeds, and there’s no real way to share content at a lower priority level. By 
enabling the use case of lighter weight sharing, we enable people to share an order of magnitude 
more content than they previously could. This will also have the follow on effect of enabling us 
to produce many new compelling experiences with that content in other products across 
Facebook. In addition to thinking about this as a set of new experiences, this is also strategically 
necessary for us. Going forward, most apps are going to be social. If we can make Open Graph 
work, then they can be social and integrated with us in a way that makes Facebook and those 
apps better. If we can’t make Open Graph work, then those apps will exist anyway, but they 
won’t integrate with Facebook and as time goes on we’ll have access to less and less fo the social 
content out there, which means our strategic position, importance and ability to make an impact 
in the world will decrease.... The challenge is that we have to provide a balance of value to users 
and developers. The solution space requires that we have to make it at a minimum slightly 
valuable to both parties since either a developer or a user can effectively block any individual 
transaction / sync from happening, and we also have to make it so that the system is very 
valuable for at least one of the constituents. If it’s very valuable for developers and minimally 
valuable for users, the developers will be incentivized to include it and users will go along. If it’s 
very valuable for users and minimally valuable for developers (aside from being something that 
users want), then eventually developers will eventually integrate it to make users happy. Ideally, 
it would be very valuable for both users and developers. My second choice would be to 
make it very valuable for users and somewhat valuable for developers, since if users want 
to put this stuff on Facebook then we will eventually succeed and won’t have to deal with 
developers gaining leverage over us. The third choice, and best interpretation of where we 


are now, is to make it valuable for developers and somewhat valuable for users. This will 
work - at least for a period - but making it valuable for developers means giving them lots 
of distribution, which means they eventually are less reliant on us, and if user demand for 
the product isn’t particularly strong, then they will eventually try to and may succeed at 
weaning off. The more user value we’re generating the less distribution we have to send 
back to developers to make the whole equation add up. Since distribution is scarce and 
trades off against other valuable things like feedback, the more we can tilt the balance in 
favor of user value the better. This is why the primary goal of this next round of projects is 
to increase user value and therefore user demand for OG integrations.... Right now we’re 
not providing much value to users. In fact, in many cases user value is probably negative 
since the presentation isn’t reliable and people often feel like they’re spamming friends. 
This isn’t sustainable and user value is the main thing we need to improve. However, this is 
very difficult because the type of content that people will share via OG activity is inherently 
not content they want to share actively to their whole networks. So that means that unless 
we can change some of our basic assumptions about how this works to suddenly make it be 
the case that people do want to share all this content actively (it’s worth thinking about 
whether this is possible but I haven’t figured anything out here yet), that means we’re in 
this space where we provide value to people by having their content on FB so it gets some 
feedback and is in a permanent store for discovery and making connections between 
things, but it’s generally not too prominent. There’s a real tension between on the one hand 
getting some distribution and making it feel like all your content is there, and on the other 
hand not making the content too prominent. This is a challenging balance, and one that it 
does not feel like we have achieved across mobile and desktop yet.” 63, MZ describes five 
surfaces where FB will provide user value: news feed, timeline, apps, contextual 
experiences, search. “(3) Apps themselves. One primary reason to connect with Pinterest is 
to make your Pinterest experience better. This is actually very powerful, and the most 
important thing we can do to make this work better is decreasing the social/conceptual cost 
of signing in with Facebook by shipping the new private GDP concepts we’ve been 
discussing. (Of course making this private will put more pressure on making sure we do 
well at encouraging people to proactively add things to Timeline and making sure we 
provide good anonymous distribution as well, so we’ll have to do very well at those too.)” 

58: Lessin responds dividing up into three categories of OG: (1) “OG for things that are not 
shared / people do not want to share - News, Video, Etc. (Set as ‘only-me ’ & not on 
timeline)”', (2) “OG for things that are shared elsewhere / users don’t explicitly want to 
push to FB, but they also don’t’ generally mind sharing (set as shared on timeline, but not in 
feed except as aggregate stories)”; (3) “For things users are explicitly proud of and want to 
share prominently in FB; (Set as user-choice and Shared on Timeline and in Feed as full 
stories)”. Re: (1) it exists for developers to have anonymous distribution in feed.... Key 
Bets: Users: Don’t mind us having the data so long as they are totally confident that it will 
not be shared with individual attribution. Will understand / trust that we are not sharing 
their stories even as they will see anonymized feed stories. Will understand / trust that we 
are not sharing their even though we currently do (trust deficit). Re: (2) “Key Bets: Users: 
Get positive value / utility from representing the information they are sharing elsewhere on 
the internet on their FB profile. Get personal value / feel a sense of completion for having 
all their information in one place (the dropbox effect). Want / seek a consolidated 
expression of self. (Want to express this information to their Facebook ‘network’, at least 



until we further develp the app-list / app distribution model). Understand that this 
information is not getting blasted. Wan t the information in the form developers gie it to tus 
in their profile (every song listen, etc)...| knxry (let enough pos.i(i.ve dislribu?son io 
offset »<k: cost of os having their data / using it for targcting| Lessin then tears apart the 
assumptions that 2 (reciprocity) can work. “My Belief: Users: On the margin want this in 
some cases / it can be valuable to them. Are going to be hard to convince / hard for them to 
understand that we aren’t blasting this in feed (e.g. pinterest shows every pin; however, 
Spotify only shows top songs and it is unclear users want to share full listening history (the 
cox argument). In many cases / for many apps have a conception of ‘privacy’ for different 
‘profiles’ they keep on different services (either explicit or implicit) which do not resolve to 
our graph (e.g. Instagram doesn’t have privacy, but there is some degree of security by 
obscurity which consolidated ‘identity’ threatens. E.g Path. Face serious cognitive load 
thinking through all of the above when they grant permission / delegate permission at the 
app level. Developers: Same value trades as above...really very little difference. On the 
margin much less of a spam issue because the publishing user has an incentive to keep their 
expression of self clean...Will give us slightly better structured data....However, again, will 
want to give us the least structured data they can for competitive reasons.” 61 Lessin: 
“Where I net out is that I am basically fine pressing the plan you are outlining -1 think it 
has merit and is a step in the right direction... but I don’t think it is a slam dunk on #2. A 
strong part of me feels increasingly like we should go after making category #1 and 
category #3 work really really well... And just get rid of the second category for now.. .’ 

58 Rait: “I 



your framing on the 1/3-only world, though.” 


I B il - April 29, 2012 Gokul Rajaram sends a Mar 26 2012 email asking if FB 

should buy Ark, which is a people finder that users Google and FB. Lars says they are 
worth a look. 42, Stocky confirms they have no special deal so not sure why articles keep 
representing FB as having given them a special deal to mine the graph. Lessin had talked to 
the CEO a while back, “when he emailed me back he reiterated about 7 times that he was 
not ‘violating any of our policies’”. Rajaram responds: “If Doug says they are consistent 
with our policy, we cannot really do anything and just nee d to watch them as they build a 
competitor to Facebar using our (users’) data.” 41 Purdy: I j ; 




FB-01390552 - April 3, 2012 MZ comments on Lessin email on tactical TL. 53 MZ agrees a 
lot of work to do incentivizing developers to share back data but thinks timeline 
improvements are a huge part of it especially for getting users to demand that developers 
have integrations. MZ agrees they should do reciprocity with a blacklist for apps. 54 MZ 
very skeptical of pay users for data strategy. “Separately, I think my reaction here is at the 
heart of everyone’s skeptical reaction to your FB-as-data-exchange views. It’s kind of like 
Schrep’s reaction to your idea of not having the front-end tonight: that this would a $200m 
business. I’m not saying he’s right, but I think everyone struggles with this point whenever 
you make since you haven’t made a compelling case that this will be a meaningful market. 
I’m probably the most philosophically sympathetic to this and even I’m having a hard time 
constructing a case that is meaningful here. This is just something for you to think about 
because these ideas currently don’t come across as particularly credible without this bit 
worked out.” THEY WILL USE TO SHOW LESSIN AS OUTSIDER, MZ DISAGREED 
W HIM. LESSIN’S VIEWS NOT FB’S VIEWS. 59 MZ re Lessin being nervous about 
current retargeting approach. “I’m worried too as we discussed tonight. There might be a 
way to do this more tastefully. I’ll follow up with Badros.” 


FB-01391046 - 48, Sept 8 2011 Joe Green emails Lessin about FB requiring extended 
permission to publish to open graph. Lessin adds O’Neil to thread saying “he knows way 
more than me about this. This is a bit out of my purview but I thought this is how it was 
supposed to work. I don’t think we can just grant the OG permission without an 
authorization by the user because it is a new set of functionality / it would violate our 
terms?” Green: “I seriously doubt there is a legal issue. We were given a whitelist to 
publish to the first version of open graph just fine.” 47, O’Neil explains it’s an issue related 
to privacy / user expectations and “it’s about being clear with users that they’re granting 
an app permission to publish their activity to Facebook.” Green responds: “2. Facebook 
should be rewarding loyal developers, not penalizing them. We spent an enormous amount 
of effort getting our users to install our profile boxes and tabs. Now that these are coming 
back, users should be grandfathered in, as the intent of showing your causes activity on 
your profile was the same, even if the details are not.” 46, Green forwards to Lessin: “Take 
a look at my second point below. Developers are constantly getting fucked by Facebook 
when we invest in a certain integration, and it goes away, and then something similar 
replaces it, but we have to do authentication all over again. It would be good for the new 
profile (more content) and good for developers to grandfather us in. This is going to need 
pushing at your level. Eddie’s response is typical FB low level excuses.” Lessin: “Talked 
with a few folks -1 hear you joe, this one sucks - but it isn’t going to change.” Green: 
“Where is that sam lessin signature will to fight? ©” 


FB-01391255 - Cross March 30, 2014 update on Graph API 2.0. 57, “** Arthur update^ 
the user friendlist behavior in v2.0 to not return the actual users in the friendlist - you 
need manage friendlists for that - user friendlists is now useful only to render a custo 
friend selector.” 58, lists all the permission deprecations and confirms them. 59, 



Developers who we consider ‘unknown’ in our internal classification framework now have 
to do a phone confirmation step before that can submit anything for review (app center, 
OG, or in future, permissions). This is on for 30% of developers, and will ramp to 100% 














155, Sukhar asks: “Can you elaborate a bit on this? Why 
are we doing this?” Cross: “The case for m anagefriendlists is that you do need to see who 
is in each list. But Hiis Mil be m h t/eef' 


FB-01391307 - March 26, 2014 task saying “We were originally planning to deprecate 
readstream as part of PS12n - now, we plan to allow developers to request it as part of Login 
Review.. .we’re going to keep readstream as is, but remove the ability to query the feed of a 
non-app friends’ feed.” 


FB-01391309 - Login session desk task march 24, 2014. 10, list of changes for facebook login, 
includes explicit description of friends list and permissions and other changes. Very different 
from actual announcement. 11, very different reason for changes. “1. The Graph API was 
launched on April 21, 2010 at 11:00am - just over three years ago. It was a complete re¬ 
imagining of our Platfonn. It now serves XXXX requests per day. But 2010 was a long time ago, 
the world has changed, Facebook has changed, and tis hard to keep pace with this change. The 
Graph API, while venerable, has some inconsistencies thanks to 3 years of Entropy in 
Facebook’s own product. The world has also moved to mobile - this is a new world, where 
binaries are shipped on phones. They can’t be updated instantly - show chart of Facebook’s own 
upgrade cycles for iOS and Android - so the development model doesn’t work in this new world 
- we needed to have a chance to remove the inconsistencies which make development hard, as 
well as ship a product designed for the mobile world. Hence Versioning and Graph API 2.0. 


FB-01391599 - Sukhar asks Cross Feb 9, 2014 “Can you explain this note. I thought we weren’t 
going to let anyone use read stream - “Landed a proposal for how DevOps will review requests 
to use read stream: for non-OG, they’ll follow their current implicit OG criteria.” - Why did we 
decide to make non-app friends so high friction in terms of review?” 

FB-01391684 - Sukhar Cross chat Jan 6, 2014. Cross: “short version is that we have a deal 
with Bing where by Bing provides us Maps and Search, and in return we provide them 
with a ton of data to build a social search experience.” Sukhar: “The contract allows for 3 
month deprecation, though?” Cross: “That social search experience does work if users opt 
to login with FB, but its hard to upsell them, to IP is critical to them showing the value to 
users. The contract has a three months d so removing IP really changes the value exchange 
at play.” Sukhar: “I see. What’s our game plan then?” Cross: “The 2014 deal has not yet 
been signed, the 2013 deal was extended to end of Jan. Our gameplan is: 1) get the 2014 
deal signed 2) deprecate everyone else off IP 3) by 14 th Jan, there’ll be the only ones left on 
IP so we’ll then notify them that it’s a deprecated product, there is no one else on it, and so 
we have latitude under the contract to remove it with 3 months notice. With graph search 
and the deal we’re doing with nokia/HERE - no one expects the 2014 deal to be renewed. If 
they find out IP is going away before the 2014 deal is signed, we have problems on our 
hands if they did something to restrict our access to Maps/Search. Make sense?” Sukhar: 
“Yeah, that makes sense. Ok - we don’t need to wrap it as part of PS12N messaging as 
much as we need maps ©.” Cross: “Yeah, I’m uncomfortable us talking about IP in the 



context of v4/PS12n - we should pretend like IP never existed.” Sukhar: “Ha. Because you 
think it’ll bring more scrutiny than praise for deprecating it?” Cross: “essentially yeah -1 
don’t see the value of reminding people of this old, v ery limited product where theres so 
much else to talk about with PS12n/v4” 



FB-01392510 - F8 FACEBOOK DEVELOPER CONFERENCE APRIL 30, 2014 
“CONFIDENTIAL-DO NOT LEAVE BEHIND”. FB internal F8 briefing. 20, “Narrative/Top 
Themes for F8”. Entire page of key points about F8, not one of them is the friends permissions 
deprecation (small bullet under “Putting People First” on “Developers also need to ask 
permission to see your firend list. And we’ll only show developers the friends who are also using 
the app”). Starting 28 “TOP QUESTIONS - Platform” “Q: Why do you have a Platfonn? What’s 
the goal? What’s the business goal?” A: Facebook mission is to enable people to share what they 
want with exactly who they want. And that includes apps. We couldn’t build all of these 
experiences ourselves. Additionally, we make money through ads and enabling in app 
payments.... Will you kick apps off your platform that compete with apps created by FB through 
Creative Labs? A: For the vast majority of apps, keep on doing what you’re doing. What we’re 
not ok with is apps that recreate our core functionality or create a harmful experience for 
people... .Q: Are you killing a bunch of apps with these Login changes? A: No, the majority of 
apps integrated with Facebook today will continue to exist. We believe this is the right thing to 
do for people, and the right thing to do for developers in the long term. These changes will 
improve trust in the entire ecosystem. We understand this does create short tenn work for 
developers, so we’re being upfront about the changes and giving them a year to adjust .... Q: Can 
apps still request your friend’s content with the new Login (eg photos, likes)? A: No. With the 
new Login, people have more control over how information is shared with apps. In the past, 
when someone logged into an app, the app could ask them to share not only their own data, but 
their friends’ data too. With the new Login, everyone gets to decide for themselves what data tey 
share with an app. For example, people can share their own photo albums with apps, but they 
can’t share their friends’ photos albums. Does this apply to every app? We work more closely 
with a small group of companies to provide Facebook enabled products (for example, we work 
with some handset makers to offer a version of Facebook for their phones.) These companies 
may still be able to request access to friends’ data, but apps more widely on the Platform will 
not. What about apps that already have this data? Do they have to delete it now? These changes 
don’t impact data that apps already have. People do have rights under our Platform policies to 
require apps to delete their data, if they make that request. Q: Do apps get friends lists by 
default? A: No. Previously, when people logged into apps, the app received their friend list by 
default. With the new version of Login, people will have the choice whether an app gets their 
friend list. They can just select or deselect it when they log in. If I decline to give my friend list, 
can developers still use these new APIs? No. Q: Why are you taking away the ability to get full 
friends list? A: We’ve heard from people that they want more control over the information they 
give to apps. People don’t want their info to be given away to apps unless they had explicitly 
chosen to share it. This change puts control squarely in the hands of people. Q: Are you killing 
free distribution for developers? Are ads the only way to grow now? A: No - we provide 
services for organic and paid growth. New tools like the Mobile Like Button, Send to Mobile and 


the new Message Dialog are great ways for developers to reach people on Facebook.... Q: 

Which apps will you be reviewing? Will you become like Apple? A: This will be a lightweight 
review process and an extension of our current review process for Open Graph integrations. 
We’ll only be reviewing apps that request information from people beyond their basic public 
profile. We’ll only be reviewing apps when they request new permissions - not every time they 
release a new build. Q: Are you tracking users on their mobile phones (re: Audience Network)? 
A: No. The audience Network is focused on showing people more relevant ads. And we respect 
device-level opt-outs.” Lots more good questions and canned responses. 56 “FYI: Creative Labs. 
Overview: Facebook Creative Labs is a new space to support development of Facebook’s next 
generation of mobile apps. The announcement accompanies the launch of Paper, which is the 
first app from the Labs. Facebook Creative Labs isn’t a new team or space within the company. 
Labs will provide a place for us to share our latest mobile experiences with the community, and 
where people can find different and innovative things. This structure will support our goal of 
making Facebook a place where people can share any type of content with any audience.” 

FB-01392678 - April 22, 2014 Sukhar pushes back on the “predictability/stability” message in 
his F8 presentation. 79, MZ: “It’s a bit messy to dive right into announcements without more 
of a framing, but I think Stability + People First as the primary values we’re trying to 
communicate feel right upfront.... We also need to make sure that Stability and People First 
are messages that everyone repeats in the other sections as well. The stability section is still a bit 
weak. It would be nice if we had one more stability announcement or good data point to 
announce. As it reads now, it feels like it would be better to get the 48 hour bug SLA in there. 
Even though it’s not amazing, it’s still better than nothing. We just need a bit more meat here to 
really make this point. I also still need to think of a story. Any ideas here would be helpful, but 
we can keep finking about this one for a few more days since it won’t require any slides.” Shows 
that Dex Torricke-Barton, Caryn Marooney, Jonathan Thaw, Dan Zhou and Andrea 
Besmehn ALL worked on MZ’s F8 announcement. FB-01392704 - After Sukhar pushes 
back on changes to his script, Archibong and Liu immediately respond they are fine with MZ’s 
changes, leaving Sukhar out in cold. 

FB-01392777 - “Mandatory diode roll out to uk/fr/dk/no/se.” Charts comparing engagement 
across FB Messenger WhatsApp Snapchat in different countries. Onavo data? 


B-01392802 - looks like public F8 deck for media - no mention of friends list and friends 
ermission removal. 


FB-01392849 - 53, Jonny Thaw to Blake Bames, Raylene Yung, Sukhar, Baker, Randall “Trust 
announcements + f8”. “Hi Blake, Raylene and Ilya, We have f8 coming up on April 30, when 
we’ll announce a bunch of new products and changes for developers. There are a couple that are 
great for trust: -giving people the option to choose what profile information an app gets about 
them (Login v4) - removing the ability for apps to get profile info about your friends. The 
changes will be announced in Zuck’s keynote. They may be a tough message for some 
developers as it may inhibit their growth, so one idea that came up today was potentially 
talking in the keynote about some of the trust changes we’re making on Facebook itself. So 
the message would be: “trust is really important to us - on Facebook, we’re doing A, B and 
C to help people control and understand what they’re sharing - and with platform apps we 







are doing D, E and F.” It would be awesome if we could also talk about the new Friends 
default (if we choose to go that route.) If that doesn’t work, we could announce some of the 
Facebook trust initiatives in the run up to f8 (early / mid April) and then the changes we 
announce at f8 for developers will seem more natural. Do you have any thoughts / objections 
to this?” 52, Raylene says no objections as it lines up nicely with some privacy work they are 
doing. Thaw suggests another way of doing it: “The other way we could do this is have a 
positive “control moment” in the couple of weeks before f8, and then we’d be able to build 
on that announcement with the positive control / privacy changes we make at f8.” Raylene 
checks in on March 31. 51, Thaw responds: “Here’s how things are looking right now: Control + 
sharing whiteboard - 4/8 (Bob, photo resharing education, breakfast club, past cover photo 
privacy, priority list). IF we decide to do friends default for new users and Privacy checkup is 
ready, announce one or both later in the month, before F8. F8 itself- Login V4 (x out of 
permissions, apps can’t get friends data etc.) - 4/30. There is a chance that we may “pre¬ 
announce” some of the Login stuff ahead of F8, so people aren’t surprised at the event. Talking 
with Ilya and Mark about that today hopefully.” Raylene confirms no privacy moment at F8 
itself. Thaw responds: “A group of us met with Mark today about F8 and he seemed happy that 
we are doing the whiteboard focused on trust in early April. He actually said he would be 
interested in being part of some kind of second “moment” later in the month (still before F8). 
That would be an opportunity to also say “you’ll see some of these themes continue through F8”. 
I don’t kn ow what being involved means, but it could be a timeline post from him, or maybe an 
interview. If we did a second announcement later in April, what could we realistically include? 
New user defaults (do yo kn ow when we’ll make a final decision on that?) Privacy Checkup? 
Adama? From a press perspective, if we just ahd the new user defaults, that would be enough as 
that’s a pretty big deal, especially in Europe, and we could also wrap in some of the stuff we’d 
already talked about at the whiteboard.” Raylene: 



FB-01392913 - schedule for April 2014 showing “control updates blog post on 4/24 as TBD. 14, 
narrative around transition to mobile. 19, Sample press headlines for consumer and developer. 
Gives examples of many positive framings: “Zuckerberg Paints Vision for Mobile Age”. 
“Facebook Introduces S LA for APIs, Two Year Breaking Changes”. Articles actually published 
resemble these changes, f 


FB-01393032 George Lee March 13, 2014 email to Sukhar, O’Neil Randall, Liu, Ryan, Morris, 
Gupta, Heaton, Larkin “King IPO + PS12N”. “Do we have any thoughts on whether we need to 
do anything special for this potential sequence of events? PS12N could be written up by press to 
be a significant retardation of virality on the platform. I think it is ultimately fine if we end up 
not doing anything here, but want to throw this out there just in case there is something we 
should do in temrs of messaging and communication.” Ryan: “Don’t worry about it - we can’t 
control their IPO, and we don’t want to communicate anything ahead of time. Hopefully 
we’ll have some good things to announce in addition to PS12N.” 



FB-01354549 - October 2013 “Facebook Messenger Bundle & Platform Opportunities”. 56, 
“Why a Platform? GOAL: Leverage the characteristics of a multi-sided platform to make 
Facebook Messenger the #1 Mobile Messaging client globally. Currently, we’re competing on 
the basis of single-sided network effects (ie more pople = increased likelihood you r friends are 
on Messenger). See ‘Invisible Engines, MIT Press). Similar strategy to WhatsApp. 



57, Platform opportunities. 

58, competitive view. 59, pa rtner view (e.g. share dropbox files via messenger). 63, app- 
initiated private messaging. 


FB-01363272 - Sukhar and Nick Schrock Jan 10, 2014 chat. Schrock: “hey man las tmonth 
I wrote one of those three year vision docs that zuck wanted about the future of our mobile 
stack. I do talk about parse wanted to share with you get your thoughts....don’t spread 
around.” Facebook Mobile in Three Years (5).pdf. Sukhar: “what was zuck’s reaction?” 
Schrock: “Have not shown him actually. Most to engineering managers. He’ll just like the 
sun tzu quote.” 75, Schrock: “actually this discussion spurned me to send it to mark. 
Having dinner at his house on Monday so good timing. Thanks for asking the q...would 
have forgotten otherwise.” Sukhar: “you should ask mark what’s up with parse ©” 
Schrock: haha ok, not feelin’ the love?” Sukhar: “not so much” Schrock: “:-/ sorry. He 
went to your conference that was pretty pump up.” Sukhar: “well, I think he likes parse 
and me it’s more like he is giving platform a lot of heat and that’s causing doug/vlad to 
randomize me a ton. Dunno, re-reading that, I’m not sure that’s a correct characterization 
either. It’s complicated. Disregard ©” Schrock: “zuck can do that. I don’t think he’s ever 
been really happy with platform. Then they pivot to something else, and devs get pissed.” 
Sukhar: “Yeah, parse should not be in platform. There’s a huge strategy tax with 
ads/games and generally not a lot of mark love.” Schrock: “yeah, cory and I used to talk 
about it. We wanted to divide platform into “platform” and “blow zynga” (cory’s phrase) 


which was the equivalent of the strategy tax you describe two years ago i.e. the money 
making portion that is not about supporting developers and technology.” Sukhar: “yeah it 
sucks. I want to build a real platform.” Schrock: “me too”. Sukhar: “well, pitch it to 
mark.” Schrock: “he’s generally receptive to it but it was important to get our mobile apps 
in order first and we are not there yet.” Sukhar: “hmm he seems to have gotten less 
receptive to it when I talk about it with him”. Sukhar: “yeah it’s hard to tell what’s up with 
him. We have like a good enough relationship where I can ask him things but he’s not very 
forthcoming.” Schorck: “mos def keeps stuff close to the chest.” Sukhar: “makes sense for 
him to do” Schrock: “yeah he’s one of the most famous people in the world. Easy to forget 
that” Sukhar: “Doesn’t help that I’m not sure he loves doug/vlad.” 79, Schorck: “just 
between us girls, I consider the platform devs to be of lower quality than other orgs” 
Sukhar “no kidding... platform takes what it can get afaict and keeps people by promoting 
them aggressively”. 80, Sukhar: “Parse is like the green zone, the wall is going to get 
breached at some point and I’m worried about that...we need to like evacuate the 
premises.” Sukhar wants to go into jay parikh’s org. 81, Sukhar: “Zuck views parse as 
doug’s thing I think so that makes things hard because the two don’t really connect.” 
ZUCK CONNECTS PARSE AND PLATFORM. 

FB-01363324 - Jan 3, 2014 task TR Sukhar: “Verify with the growth team that we can give 
out last initial for untosed users. Check if we can give out last name.” 

FB-01363365 - Dec 15, 2013 deck from Srinivasan to Sukhar “2016 - latest revision”. FB- 
01363366 - “At the broadest level, we want to build the deepest knowledge graph about humans, 
our relationships with other humans, content and objects. Using that deep understanding.” 67, 
google example across wide range of areas. 68, “Eliinate key dependencies on Google and 
Apple: In 2014, we should switch to HERE maps. Starting 2015-2016, we should look at 
commoditizing maps and navigation data to reduce Google’s control over maps data. One way to 
achieve this could be to partner with Open Street Maps, build a Waze like social mapping 
solution for navigation data and open source the app and data under the Internet.org umbrella. 
Rationale: OSM gives us insurance if/when HERE gets acquired by Microsoft/Apple/Samsung. 
Using an open source approach to freeing up this data can be great for our brand and user trust. 
We could also encourage other apps to move to OSM (Foursquare already does). In 2014, we 
should launch an Android App Store that distributes our apps directly to users. In 2015-2016, we 
should expand this to include other apps, content type.. .and possibly other platforms....” 69, 
“Build new services that become critical dependencies for developers. Messaging as a 
Platform already appears to have strong momentum within the company. We should make 
bolder bets around discovery, distribution and engagement services for verticals like 
Games and Media. Controlling distribution via our own store will help us remove a lot of 
friction for users. We should allow developers to store their graph data with us and provide 
an API for them to search our graph data in a controlled fashion. We should provide new 
methods of monetization for developers via carrier billing, ad networks or subscription 
models.” FB-01363440 updated version of deck. 

FB-013 63403 - Dec 12, 2013 Sukhar Yu Lacker chat. Lacker regarding talk w O’Neil: 
“yesterday we talked for like an hour and a half about how frustrating psl2n is and how we both 
feel powerless to make it a product we are proud of’. 



FB-01363455 - Dec 11, 2013 Sukhar Vernal chat discussing how Parse increasingly doesn’t fit 
and meeting with MZ asap to discuss to figure out where Parse fits. 


FB-01363466 - Dec 10, 2013 Sukhar Purdy chat. 68, Sukhar: “Is this plan going to be public? 
I’m really worried that Parse is pretty minimally involved in the 3yr plan. If that’s the reality, I 
can stomach it but it would be devastating to the team, I think.... I think the problem is that 
nothing about Parse today is that core to success.... I think we need a high level goal around a 
generalized app platfonn that enables a lot of other things.. .basically the trade off of parse social 
versus fb login. General app platform or specific use cases for fb because if it’s specific use cases 
for fb, a lot of parse isn’t that relevant.” 69, Purdy on MZ: “he believes that developers are 
important to us. He believes that you + the team built can help here. Osmeta is a deep 
defensive bet. Developers need to be offensive bet. X-platform is just a tactic.” Sukhar 69- 
70: “I see. I thought some of the thinking around acquiring parse was pretty defensive in 
that it was a goal to get the next Instagram or snapchat to build on us.” Purdy; “Yes, but 
we need the other surface (message/search) for that to work”. Sukhar: “Really? I thought 
the point was that we don’t need the other surface if they build on parse. We can control 
them even before then.” Purdy: “But how do they grow? They cant buy ads and feed is 


overwhelmed with organic traffic in mobile.” FB-01363471 - platform 3 year plan that they are 
commenting on. Sukhar needs help on messaging to team and is not going to go against the 
grain. 


FB-01363541 - Sukhar Srinivasan Dec 2013 email string about platfonn strategy to compete 
with Google. Attachment is at FB-01363546 Project Geneva: A 3 year plan that enables 
Facebook to be at the center of a more balanced mobile ecosystem. 














to discuss in person. FB-01363618 - Purdy Sukhar chat same day. Sukhar: “debating 


psl2n with david and bryan who are upset about the final proposal @... I think it would be 
helpful if you delivered the slightly cynical message to them... So the message that they 
need to hear IMO is primarily an explanation of the political landscape around competitive 
apps and a more straightforward take of “yeah this isn’t great that we’re taking a step 
back but it’ll allow us to take two steps forward.” 

FB-01363629 - dec 2013 Sukhar Kennedy email describing Hendrix as a “rewrite of devsite on 
top of new frameworks prompting us (mostly DevX) to rethink how we structure code and 
components used to deliver our content to developers regardless of how they may choose to 
access the site.” 


FB-01363635 - USA today story on spammy apps in Nov 2013. Purdy uses as opportunity to 
preview login v4. Says good headwinds in the user trust space on platform. 


FB-01363651 - Yu Lacker Sukhar Nov 22 2013 chat. Sukhar expresses concern that O’Neil not 
being setup for success in future PM role. Lacker blackballs O’Neil PMing login because he had 
such a bad experience working with him on PS12N APIs, doesn’t thi nk he kn ows how to design 

an API. 59 Sukhar: “There is some contingent of people in this company that wants to build 
amazing smart shit.... I feel like we are trapped under mediocre leaders.... These guys are 
trying to start a revolution and are like enlisting me to represent parse and platform [Yu: 
to zuck?]... I was like yeah I feel like my org sucks and I can’t actually achieve this 
vision...They are like yeah obviously. We only succeed if all this happens without 
platform”. Who are Ran and Ragavan? 


FB iri5<>57l| - Lacker Sukhar chat Nov 18, 2013. Lacker: “I’ve been talking with david 
more about third party ids. It seems like there must be something you can do to leverage 
your pm-running-build position to make that project go in a more intelligent direction.” 
Sukhar: “Sorry I think that one is just an infinite sink of despair that must be accepted as 
status quo.” 19, Lacker complains about separ ating public profile and friend lists and 
requesting friend list via Login Review dialog. 



FB-01363734 - Nov 18 2013 Sukhar forwards Lacker Bing spec for loginv4 and says “don’t 
blow up on him 









FB-01363747 - Sukhar Purdy Nov 2013 chat. Purdy describes that they can work on a 3yr plan 
for platform “where we can demonstrate to mark that our strategy, including the purchase of 
parse makes sense in 3 years” and they didn’t just buy parse to “fix platform” and they can “be 
done in literally 30 mins”. Sukhar: “I am frustrated about 3yr planning precisely because you 
think it’s the sort of thing that can be done in 30mins.... The reason I got pissed is because you 
justified signing up for a 3 yr goal with ‘here’s an idea, sam lessin would like it’”. Purdy: “look, I 
have to put together a 3yr plan. I don’t want to do it. It is waste of time beyond getting the team 
rallied right now. I can’t stop the process as it is decided at the mteam level, so I am just trying to 
make the most of it. And make it as painless as possible. I am going to fail. Sorry.” Sukhar: 

“well, that’s good to hear tat you think it’s a waste of time. I agree. If we want to put together 
some nonsense to feed to the mteam, I’m game. Nobody kn ows what the hell is going on at the 
mteam level.” Purdy: “I have a little idea. Mike just got it. So he is figuring it out.” 

FB-01363747 - Purdy Sukhar Nov 16, 2013 chat Sukhar vents to Purdy. Sukhar apologizes 
frustration for lashing out at Purdy when it’s not really Purdy’s fault. 

FB-01363841 - Lacker Sukhar Poll Nov 2013. Lacker complains about changes to Vernal who 
asks him to make a list. Asks Poll and Sukhar for feedback. 42 Sukhar: “Yeah I would put GDP 
v4 entirely in this category of things that really affect developers but we don’t have any visibility 
into.” Poll: “policy changes are also still super-opaque”. 

FB-01363868 - Yu Lacker Sukhar Oct 29, 2013 chat. 81, Sukhar: “we should just bail and start 
another company. This blows.” Lacker tells Sukhar he asked Vlad for more people to fix 
platform, Vlad asked if he meant for anonymous login. Lacker: “I’m like, can the team be called 
anonymous login but actually it goes and creates sdks and makes the platform not suck and has 
some headcount to do so.” Sukhar: “haha dude I don’t think we want that. Anonymous login is 
some zuck pet project that everyone is failing to deliver and he is pissed. Doug pulled me aside 
to talk about this today. And I’m like uhhh that is like Vietnam A 2. Going into that project seems 
terrible....” 88, “I’m like withering at fb” 


FB-01364161 - Purdy Sukhar Oct 16, 2013 chat: “If Kevin can just lead the PS12N stuff with 
Eddie now (will change the org in a few days/weeks), we are mostly done. Eddie works for you 
and Kevin does too. PS12N (rebrand it if you want) is your “parse fucking fixes platform” 
master plan as the new head of developer services at Facebook. I can announce the 
Eddie/Zhen/etc. change now to pour fuel on that fire? Trying to figure which move helps us 
move faster toward the end state in the note we wrote and I sent to mike. VERNAL PASSES 
PS12N TO PURDY, PURDY TRIES TO PASS TO SUKHAR. 


FB-01364252 - Oct 1 2013 Sukhar Purdy chat. Purdy asks about developer strategy 
meeting. Sukhar: I’m not convinced this meeting even needs to happen. The only time I can 
recall an interesting outcome was when Mike mandated PS12N. Everything else just seems 
like a giant status update which we already do weekly via emails.” 

FB-01364257 - Gupta to Sukhar Sept 30, 2013: “Completely agree with you. I think the 
friends API is really core to our social platform, and removing it is going to make it really 
hard to attract developers to our platform. That said its unclear to me where this is coming 







from, how much of this decision is final and what are the avenues for pushing back. What’s 
your take on this?” Sukhar: Let’s chat later today. In general, I’m not a fan of it ©” 

FB-01364271 - Sukhar Lacker Sept 27, 2013. Sukhar: “on another note, these growth 
people seem legit.” Lacker: “yeah the growth folks seem smart. I feel like platform 
leadership has cackhanded the whole friend-list-deprecation thing. I am very curious about 
growth teams at facebook in general. I wonder if like, platform should think about getting 
ore mobile apps on platform in a “growth” type way.” Sukhar: “I kind of want to work on 
growth.” Lacker: “growth seems like the special sauce at facebook.” Sukhar: “seems 
cooler”. Lacker: “it is the team whose operations remind me the most of search quality. I 
chatted with this guy matt wyndowe who had a really cool explanation of how this one 
growth project operated. Like, you metric up everything, you have data analysts and data 
scientists. It makes me think, hey maybe facebook has discovered this magical way to run 
teams for complex products so that they seem basically the same featurewise but 
mysteriously everyone starts to use them.” Sukhar: “seems like Javi wants P3” 

FB-01364273 - Sukhar Federov Sept 27, 2013 email prepping for meeting with Olivan. 
Federov warns Sukhar that “Javi is very different audience than Sam. If we ask him what 
he think the problem is with platform he will have to assume that we haven’t listened to 
him at all in the last 3 years and he will let us know how feels about it. It would be a bad 
meeting....” Sukhar agrees to sit back and not prepare slides. 



FB-01364327 - Sara Jeruss emails Sukhar Sept 18, 2013 asking about restricting friends 
access to sync.me. Shows that they are doing this for business reasons and asks about 
enforcement now versus with PS12N. They agreed to wait because they thought PS12N was 
in October, but now that it’s been pushed back they’ve been asked about enforcing sooner. 
Sukhar says to wait until PS12N. “I don’t think it makes sense to go through two press 
cycles on this issue and we’ll be much better prepared and unified when we roll out PS12N. 
So I’d recommend waiting.” 

FB-01364372 - Stefanki Sukhar Sept 2013 email discussing enforcement against Social 
Fixer. 84 - “One thing this should not do, however, is discourage the millions of developers 
who have already built compelling experiences...on Facebook Platform and have done so 
without violating any of our terms.” 

FB-01364454 - Sukhar Lacker Sept 2013 chat string. 62 Lacker: “So basically vlad is pushing 
back in both directions. Seems pretty obvious to me why he’s not that into stability. He has kind 
of just written off the value of anything that’s not neko. And is in “these teams need to maintain 
a pointless product without getting depressed” mode. Maybe that’ll change once he has some 










conversations with mike”. 63-65, “I just argued with Vlad for 40 mins. He’s anti.... He thinks 
the whole thing is bad. It’s funny, he didn’t really want to argue with me about it. His reasoning 
is that we’ll never be able to expand core. That means we’ll send the wrong message to 
external developers and internal people. He likes the idea of not breaking things but has no 
proposal....it was very much ‘you can’t change the culture’.” Lacker: “he seems more concerned 
about the branding than the reality”. Sukhar: “it got kind of heated. I fucking hate talking to 
vlad... I cant really keep calm because he is either saying something retarded or 
condescending.... I think he seem me as the instigator so he’s trying to start with me.” 67, 
Lacker: “Vlad was also like, I dont think your process of having every engineer give talks will 
scale.. .and he was like, basically some engineers are totally incapable of speaking and once you 
have real press in the audience the pr folks will vet everyone and forbid the bad ones from 
talking...I was like, eh I don’t believe you”. 69, Lacker: “The neko engineers are kind of like, 
yeah platform is doomed anyway, why should we spend any thought on this stability stuff 
when it takes energy away from our higher-priority moneymaking”. 


FB-01364550 - Sukhar Lacker Sept 2, 2013 chat. Sukhar mad at Lacker for contradicting 
him about PS12N with Bryan and David. Sukhar: “damnit why did you just totally 
contradict me...you can say that to me privately....I don’t think your message is 
particularly good either, “we don’t know what the fuck we’re doing. Please get involved”. 
Lacker argues that getting individual engineers involved can help fix PS12N. 52, Sukhar: 
“I think your assertion that Zuck doesn’t matter is just false. A lot of Platform’s problems 
are due to misaligned incentives in different orgs.” Lacker: “yeah I think that is fixable 
though even by someone who does not have access to zuck.” Sukhar: “That goes against 
everything I know about Facebook but ok.” 54: “If you notice my original email, I scoped 
all my Zuck/Vernal statements to PS12N.” 


f B LI- 92, Bryan Klimt Aug 24, 2013 email to Sukhar Lacker Yu subject “heads 
up about a rant”. “Hi guys, I just wanted to give you a heads up about a status I’m 
planning on posting later today unless I hear a really extremely compelling reason not to. 
Also if you have any particular feedback about it, I’m glad to hear it. Thanks, -Bryan.... Hi 










h im a Pla f i'rn| The purpose of a Platform is to let people build new things on top of it. 
It’s to enable the whole universe of ideas that anyone in the world could think of. 
Developers out there will have all sorts of crazy ideas. We want them to build those crazy 
ideas on top of Facebook. Do you know why Facebook was originally built for the WWW 


instead of being part of CompuServe or AOL’s proprietary networks? It’s because the web 
is an open and extensible platform. It lets developers make their craziest dreams become 



this. After all, I work on Parse, and this doesn’t directly affect Parse. It’s simple. I care 
about developers. I care about Facebook Platform. And I care about Facebook. I want to 
be proud to tell people I work at Facebook and on the Facebook Platform. That means 
building something developers love. And I want Facebook to grow the way only a platform 
can. I want Facebook to be the next Windows, not the next CompuServe. If you agree, feel 

free to reshare this post or a link to this post within Facebook.” 91 L acker responds, _ 

convincing Klimt not to share the post (was it ever posted?): “Hmm. 1 ciii I bissscaiilv . tj ee 


“That sends a clear message to developers: Facebook Platform comes sec ond to Facebook 
the Social Networking Product.” Well, it’s awkward but that is just true, [ be J dca 



pitching and what I think is actually possible and going to happen is to revisit the terms of 
the deal between platform and the social network. We need to be able to offer features that 
do not break at any time, and we need the social network to accept that. We need features 
that, if they really are being revoked, at least we can keep them maintained for a period of 
years, and not break mobile developers’ apps. In return, the other part of the deal will have 



But there are parts that the social network will commit to. So there are a whole lot of 
execution details here and perhaps at some point rather than counter-ranting it would be 
more effective for us to chat in person. Tldr I hope this has been compelling enough to get 
you to delay posting this rant;-) Let me discuss this with you in person.” Bryan agrees to 
delay, thinks Tom and David will benefit too. David Poll? Tom who? 91 Sukhar: “My 
response would’ve largely been the same as Kevin’s. F 



There are beginnings of a plan to 
“reset” Platform to a state where the rest of the company is happy to provide rock solid 
stability guarantee to developers. So, I’m glad you’re holding this rant because there’s just 
a lot of things in flight day to day regarding this whole issue. We made a pretty good 
breakthrough in our lobbying late last week and should sync in person.” FB-01364701 - Yu 
responds “I think this is great. I say go for it. Ilya, Kevin?” 








FB-01364831 - Aug 20, 2013 string around Platform 3.0 2 nd rev. Lacker and Sukhar take 
responsible for defining “stable core”. Lacker: “I like the phrase “stable core”. I suspect 
that there will be two types of proposals, proposals that do nothing and proposals that are 
quite sweeping. ;-)” How did stable core play out for Sukhar and Lacker? 



“also just anything in the stream. If there’s no readstream then things like, comments can you 
still read the comments on a post? Maybe you get some weird subset. Can you still comment on 
a post. Nobody really knows. The only other thing people are confident about in this product is 
that it must launch in the next two months ;-). Sukhar: “Indeed”. 62, “I think we should distill the 
API triage into a set of recommendations. I feel like this environment is conducive to 
prescriptive suggestions. Nobody knows wtf. 63, Lacker: “Basically everyone forgets about 
80% of the api so vernal can make ridiculous statements like “hiding friends, that can’t 
break any apps” “you can’t do anything with a friend uid” but actually there are 100 dumb 
things you can do with these ids.” 64, Sukhar: “it’s unclear to me how to fix this organization. 
Needs more dictatorship.” Lacker: “the strategy is becoming more clear to me.. .basically 
vernal wants to make change. The situation is, there is a top down need and nobody even really 
has a good suggestion for what to do. We should have a suggestion for what to do, but scope it 
small enough so that we can actually do it and we don’t cause too much opposition.” 66, Lacker: 
“well, do you think the whole pennissions model is bad. The permissions model seems pretty 



67, Sukhar: “read stream I’m okay with. Seems logical business wise and doesn’t break 
that many apps as far as I can tell.” Lacker: “the problem is, read stream is overloaded. 
There are many other things that don’t have their own permissions and operate via 
read stream like the ability to count likes on an object.” Sukhar: “huh, really, I didn’t 
know that”. Lacker: “so, it might not break that many apps, but it breaks a ton of the api 
surface area. Yeah like look at [url] the api for facebook posts. If you want to like, post to 
your wall, then check to see what time it got posted at that requires read stream.” Sukhar: 
"<»h | 68, Suk har: “I guess they don’t want anyone posting to walls directly a nymore 

though”. Lacker: 



| 69, Lacker: “we need to 
unify “Parse” and “the good stuff on Facebook Platform”...we can’t do it like, right now 
whereas you can PM right now. 


FB-01364897 - Lacker Sukhar Aug 16, 2013 chat. L: “man, this v3 effort is going to be 
immense to get everyone on board.” S: “What specifically. V3 is a term that means so many 
things.” L “yeah v3 tenn blows. That’s just how Constantin and alan describe it all the time. I 



mean the effort to define a “core” subset and then not break it. There are many different people 
advocating some random mixup of the core api. And some parts of it that are clearly bad.” S 
“Yeah it’s a total mess. Apparently Mike got pissed about poor execution lately.” L “What 
group’s poor execution. I mean, I have my own perception of what is being executed poorly ;-).’ 

S “No clear plan for v3 - falls on Doug / Co nstantin”. L “Here’s a fun acronym. CORE = 
Clean or Remove Everything”. 98, Sukhar 


without 


| L “what is v3 exactly. Just cr eating a clean core is hard enough 
it to a bunch of other randomass stuff.” S 



_| 99, L “man this 

v3 stuff blows. A bunch of people halfassedly driving in em sync just now everyone was talking 
about v3 as if the plan was very set, we were going to remove stuff but offer people more to 
compensate, and the date is nov 1.” Sukhar: “Yeah basically it’s a cluster duck”. Lacker: “ok so 
that just seems fucked and I agree we don’t want to tie our efforts to any platform v3 talk unless 
it’s scrappable I guess, so many people proposing shit, this doc is so schizo. “Our philosophy is 
that data should only be shared with an app when that user wants to share it.” You mean, our 
philosophy as of right now. Not for the past seven years when it was different. I’m gonna look 
through the api and ta ke notes.. 00,1 feel like this was a helpful exercise, there are definitely 
some open ques tions, 

fVicnd access.” THEY TRIED TO FOIST PS12N ON SUKHAR. 


FB-01364905 - Aug 16, 2013 Lacker Koumouzelis chat where Lacker keeps asking questions 
about how other APIs will break when friends list and read stream go and Koumouzelis tries to 
provide replacement answers but then Lacker continues to show how he hasn’t fully thought it 
all through. Lacker shows that much of Platform breaks when friends list and read stream go. 


FB-01364929 - Aug 16, 2013 Sukhar forwards Koumouzelis email to Lacker. Gupta asks: 
“Friends data: I like this for trust. I think we have contingency plan for developers that rely on 
this for ranking: whitelisting them, suggested friends API, invites flow?” . Koumouzelis 
responds: “Yes, we will work out a plan for strategic partners that need this for ranking. The 
reality is that there really aren’t too many developers doing this and we can evaluate them 
directly.” FB-01364934 - attachment on P3 proposal. 35-36, deprecate friend permissions and 
return only app friends positioned heavily on user trust with well articulated messaging. “Our 
philosophy is that users should be empowered to share their data with an app when they have 
expressed intent.” Covers read stream - not possible to make it work with focus on user trust. 
37, “Open Questions: We should evaluate if there are any other APIs or features we are 
interested in deprecating and bundle them into this single breaking change window.” 


FB-01364939 - O’Neil Vernal Sukhar Purdy Koumouzelis Aug 15, 2013 chat. Purdy suggests 
bringing a few top developers in on P3.0 to get their reaction. Vernal: “I don’t think we have a 
very crisp story yet, and I think us looking at that story will allow us to predict most of the 
feedback. Lets write-up the story we’d share with external folks.” Sukhar: “What kind of data do 
you think we’ll get? Absent the new features Eddie is pulling together, the news is likely to play 
negative with any developer.” Vernal: “Right.” 40, Vernal: “I think we need to refine our 




messaging here before we talk to devs. I think we can predict their feedback before randomizing 
them. Eg, I don’t thi nk we needed to talk to Netflix to predict their reaction. We just needed to 
ask ourselves, what will Netflix thi nk ?.... I just thi nk we’re being intellectually lazy here. I think 
our communication with Netflix was complete clown town.” 


FB-01365420 - Starting on 22, David Weekly shares with Osofsky thoughts on developers 
hating platfonn. Devs get chills when they see operation developer love emails because it means 
a pile of new work. Purdy responds 20-21 and forwards to Sukhar. Purdy has the user trust 
message well baked in his response because of prior enforcement with OG actions (newsfeed). 
Has a well baked story for Unified Review to avoid policy violations up front to ensure 
predictability for users and devs. O n 21, though, he says: “3. Platform 3.0.1 don’t think we are 
calibrated on what Platform 3.0 is. | Ve are going to t-cniou' APIs when vvt Uunch this, we 
are actuafh additsg two new \Ple: social coatcAf ami 1 r • - ; |. Once we have those 

APIs nailed down, we will move to drain down the user of the friends permissions. The best way 
to think about this is the REST API -> Graph API transition. We still support the REST API 3 
years after the Graph was announced, but we no longer, after a long, long drawdown time, allow 
new apps to use the REST API.” WAS PURDY LYING OR OUT OF THE LOO? SEEMS 
LIKE LYING. PURDY MAKES UP INTERNAL STORY ABOUT NOT REMOVING 
APIS IN P3 


FB-01365490 - Facebook competing with Craigslist and eBay in local commerce. 

FB-01366934 - May 2014 Sheryl and Boz respond to MZ Messenger Platform Business. 

FB-01367839 - Feb 25, 2013 Lessin to Vernal “for discussion” “Top Level Goals: Get all 
information about all people available to max desired audience (Production)”. 41, “Facebook 
Privacy Prompts... “Are you sure you want your edu-work only shared with close friends?” 


FB-01367858 - Feb 2013 Vernal Lessin others chat. MZ wants to spend more time getting more 
non-friend profile views on FB. 




limvl TYING PLATFORM AND ADVERTISING MARKETS TOGETHER!! LEGAL 
THREAD THAT STRETCH HAS BEEN ADVISING ON. 


FB-01368050 - Williams Vernal Lessin chat. Lessin points to article Foursquare Now Shows 
You Recommendations From Your Facebook Friends. “Do we like this?...It doesn’t jibe with 
platform 3.0 - wondering how we feel in the meantime practically...” 

FB-01368452 - August 2012 mteam announces to board they are changing value exchange for 
non-games part of platform, “stop artificially ‘boosting’ distribution for free - developers can 
buy sponsored stories if they want more traffic from FB. Open up new paid distribution channels 
beyond newsfeed. Give developers the ability to target ads to non-connected users.” 
WEAPONIZING PLATFORM TO SEED THE NEKO BUSINESS SEEMS LIKE THE 
PRIMARY DRIVER EVEN BEFORE COMPETITION. ANNOUNCE CHANGE TO BOARD 
AUG 2012, TO 643 JAN 2015. 


FB-01368843 - Jan 20 2013 Lessin “The nekko growth is just freaking awesome”. 50% WoW 
growth. High of $725k on Friday. 

FB-01368104 - Oct 25, 2012 MZ Vernal Lessin Purdy Rose Osofsky discuss Platfonn. MZ 
proposes different rev shares by vertical as a way of getting devs into a tax scheme. Vernal 
doesn’t think taxing dev’s income is going to work. 


FB-01369121 - October 19, 2012 MZ Vernal Lessin. Vernal: “Mark -1 think we’d like to 
continue the platform business model conversation on Monday. I think the most pressing 
topic to discuss is what data we expose via our platform. There are a number of people who 
are concerned bout the amount + type of data we expose via platform, and I think that 
conversation is blocking forward progress on some of the finer details of this conversation. 
We’ve tried to have this conversation a couple of times (last two mteam offsites) and I think 
it came as a surprise / not what you thought we were going to talk about. If y ou’re game , 

I’d like to take another stab at framing this up and discussing it on Monday. 



| Before I spin-up that meeting, I just want to make 
sure you’re cool talking about this. To just provide further context, I think for a given user 
we broadly allow them to give an app access to the following “buckets” of data today: User 
Basic Profile Data, User Extended Profile Data, User Media, User App Data, Friends, 
Friends’ Registration Data, Friends’ Extended Profile Data, Friends’ Media, Friends’ App 
Data. We’ve also talked about adding derivative data to that mix, but let’s keep that 
conversation separate. I think the main question we need to answer before proceeding is - 
do we want to make any changes to the data accessible via platform? I’ll try to frame this 
conversation up for Monday, but wanted to (a) preview it and (b) make sure you wanted to 


have this conversation.” WHAT IS LIKELIHOOD THAT MZ LESSIN AND OLIVAN 
ALREADY KNOW THE ANSWER TO VERNAL’S QUESTION AND HAVE 
DISCUSSED IT. 


FB-01369406 - Aug 2, 2012 Vernal Lessin discuss meeting with Zuck on GDP/platform 
product/OG business model. Only valuable developers are games and commerce companies. 



With canvas the trade was clear, etc. APIs are too competitively valuable to give away on 
generic terms. Economically rationalize platform. 



FB-01388254 - Primer on Identity Product Group. 


FB-01388549 - starting at 51, March/April 2013 email string - Pierre Calade founder of the 
Sunrise calendar app emails Fessin and then follows up a week later: “Hey Sam, I was talking 
with Dave Morin when I was in SF and he mentioned to me a “private” FB api to match an 
email with a FB users. That would be great for us in order to improve the accuracy of this 
feature: [URF]. Can you help us on this? Tha nk s!” 50, Fessin: “Hey Pierre - That API did 
exist in the past, but we are actively deprecating it. The way we think about APIs is all 
about reciprocity - so, if you are taking X type of data out of the ‘graph’ what type of data 
are you putting back in, etc. In the case of this private API in particular there isn’t really a 
clear value that apps give back to us by using it.... So, it is all but deprecated. LMK if I can 
be helpful in other ways!” Valade; “Tha nk s Sam. I do thi nk it makes sense for FB. Imagine the 
following use-case: you have a meeting with someone, then Sunrise tell you more about them 
based on their public FB info, then after the meeting you add them as a friend on FB, which 
improves your graph. What do you thi nk ?” Fessin: “So - are you suggesting that sunrise 
would send Facebook the user’s history of people they met with? If you are interested in 
working some of this stuff through I am happy to intro you to developer relations over 
here!”. Valade: “That would be great Sam! Tha nk s.” 49, Fessin introduces Valade to Archibong. 
Archibong replies “[FB ONFY]” to Fessin: “pounds like a lesser version of Refresh. I’ll le 
them know that I’m not sure there is value here, unless you’re suggesting otherwise.” 
Lessin: “Agree - but pierre is also a good guy ©”. Archibong: “Got it. I’ll play it like 
Refresh then. I’ll let you know when I’ve thrown the alley-oop and you can come in ant 
dunk it home.” Lessin: “k”. PLAY IT LIKE REFRESH - WE ARE GOING TO 
ACQUIRE YOU OR SHUT YOU DOWN. MICROSOFT ENDED UP ACQUIRING 
SUNRISE. 


i 0 013886 | - Lessin Vernal MZ Stocky March 4, 2013. Lessin: “Hey guys - one of the 
companies I got a preview of this weekend is of interest across identity, platform, and 
search. I thought they were good and want to try to engage them to join FB, but wanted to 
make sure you guys generally know what they are doing and are OK with how I want to 
approach them.... A few good ex-linkedin and ex-google guys are building effectively 
vertex pages for people as an app on top of the FB platform( they look at your meeting 













schedule and do a excellent job of developing a ‘view context’ profile on the person you are 
going to meet - mining things you have in common with them, conversation starters, etc. in 



TRY TO PIN LESSIN AS THE BAD ACTOR, MZ AS GOOD GUY. 


FB-01388652 - Jan 24, 2013 improved support for age-sensitive content for developers. Ling 
Bao update on age range endpoint. 


FB-01388653 - starting 54, Jan 23, 2012, Lessin to mteam (Identity HPM). Lessin describes trip 
to Taipei. “One thing on the negative that I think we should have a conversation about is that in a 
‘pitch’ competition they did where everyone was coming up with campaigns for fictitious clients 

there was this huge bias towards having clients create ‘applications’ on the platform as big 
parts of their campaign. Not sure where this comes from, but I found it pretty surprising as 
a theme that bubbled up a lot and something which I don’t think strategically makes a ton 

of sense for us to be pushing.” 53-54, Another FB employee says they don’t use apps to sell 


clients in actual meetings. That it was just a brainstorm.’ 


FB-0138860 - Rose to mteam Jan 22, 2013 HPM. “Platform 3.0. Channels. Bookmarks and 
requests will no longer surface apps outside of our monetizable games ecosystem on 
desktop and mobile, as these channels effectively provide free advertising. We are also 
tightening newsfeed distribution for non-canvas apps as we move towards a model where 
canvas is used for games and all other apps go through an OG approval process for 
integration with collections, newsfeed and eventually graph search. Reciprocity. After we 
finish collections, we’ll communicate our reciprocity policy requiring apps to share data 
back to FB if they pull data from FB. In the meantime, we’re enforcing our competitive 
policies to prevent messenger apps from using friends.get. It’s unclear how a messenger 
app would be able to comply with our reciprocity policy, and we don’t want to permit them 
to use platform solely to export data.” 


FB-01388679 - Someone gives Lessin feedback on Graph Search “a whole new way of 
accessing my friends’ data. Whether it’s for dating, for recruiting and simply for exploring, it’s 
100% addictive”. 


FB-01388887 - Archibong Jan 17, 2013 email re causes. 






FB-01388974 - “Facebook Five Billion” presentation. Subsidizing android phones and data 
plans to get developing world on FB. 76, “Foundational mobile Facebook services: Feed, photos, 
timeline, sharing, messaging, search, and location”. 


FB 0138701starting at 03, Lessin responds to MZ “Platform Model Thoughts” full 
reciprocity email Nov 19, 2012. “If you thi nk this is the right approach I will absolutely play 
ball / help get it done... I think it is theoretically / will ultimately prove to be a mistake to give 
away the ‘read’ side on the hope that it will ultimately drive value to us via the ‘write’ side - 
however, in a world where we are tightly enforcing ‘full’ reciprocity, and we control what APIs 
we choose to release, I see little deep risk to continuing down the path from competitors.... On 
the first / / how we make good decisions about what APIs we build and support going forward. 
This model suggests that we will over time want to open up more and more information over our 
APIs to drive more ‘engagement’ for our partners... the question is that without hard rules on 
this or a direct way to measure profit being generated from it, how do we prioritize what we 
build & how much we resource platform vs. other things. I feel like we are already in a place 
where platfonn is working on far too many things and winning on far too few, if we do this we 
need to figu re out another way to provide more clarity / guard-rails into what platform shou ld be 
working on. f 



| LOGIN REVIEW CAME OUT 
OF A DESIRE TO MONITOR COMPETITORS. 02-03 MZ: “I’m not sure I understand 
your concerns. Didn’t you suggest that giving away app friends with no charge was 
reasonable before? Did something else change in my proposal? For your other points: - 
New APIs we offer will primarily be premium ones. I don’t think we’ll want to add lots of 
more free APIs to the package, but over time we can figure out what additional premium 
services to add.... For enforcement, I agree we need a real framework and pr ocess here. 
The goal should be to be minimally intrusive / annoying while still enforcing, f 



| 02, Lessin: “Vernal and I are spending some time today 
and then the Money after thanksgiving (with doug) going over the general plan for 
platform in 2013.... Why don’t you let us do these meetings to prep, and then we can ha ve 
the conversation about rationalizing platform in that context. \ 

| Regarding my 




concerns on the broader points / how we are approaching platform... As you note, I am 
fine with giving away ‘friends who are also using an app’... I don’t think we need to charge 
for it specifically. So functionally, when / as you are talking about giving away basic info + 
friends also using app, doing IP when clicks come inbound to an app via ads, and allowing 



FB-01389021 - Starting at 30-31, Lessin email to MZ Oct 26, 2012 “notes on platform”. “Zuck, 
I have been going through iteration after iteration on the platform story trying to suss out a 
perspective that feels strategically right in the long term / as a set of guiding principles AND 
which is implementable and functional in the short term. Obviously I know you have been 
thinking about this a lot as well (along with a lot of other smart people) and I am happy to get 
behind and drive whatever you want to land on.... (1) Applications can write to the graph freely. 
(A) They can write information on behalf of a user to the user’s timeline (so long as they have 
collected the necessary ‘write’ permission).... (2) Applications can use ‘Facebook login’ freely 
& have many avenues to getting user’s IDs.... (3) Reading ‘Basic Inofrmation’ freely.... (4) 
Reading/Using Non-‘basic’ Information & functions.... (5) \ 



| Users (in brief). The user incentives around platform are 
pretty straight forward in the abstract / long-term, though there are some quirks to pay 
down short-term. Over time, users just want to have amazing experiences in the physical 
and virtual world enabled by social. First, they want great apps where they can find and 
interact with great content and experiences with their friends. They certainly don’t want to 
have to ‘sign in’ to anything with different passwords, etc. Over time I think they will want 
applications to help them express themselves so that they can have more custom 
experiences /better experiences of the world, and I think they will eventually appreciate 
things like ever better targeted ‘ads’ as a real benefit. I also think they fundamentally want 
control. Developers/Businesses (in brief). Developers are rational actors that fundamentally 
want to make as much money as possible. Plain and simple. The days of application 
developers without a business model / building projects for fun are rapidly disappearing. 
There will always be people hacking...but the reality is that the app ecosystem has 
professionalized and anyone building anything of scale / import are going to act like 


rational consumers of services....” 34, “The challenge comes in not when we use the scale of 
our own information to drive our own business platform, but when we try to leverage the 
information with other parties to the system / business which we want to do on the premise 
that we practically cannot build everythin g that can benefit from ‘social’ / the information 
we have for a hole [sic] host of reasons.... [~ 



‘A scant few ap plications currently really use any of t he 
APIs we offer beyond the basic information APIs. 



|This is the category where I would put all my eggs in terms of building a dataset 
which has real return-on-scale dynamics / our actual information monetization scheme. As 
we build up value int his type of data we should certainly / will certainly feed it into the 
market-mediated ads system. That should easily create more value for a ll if enabled wide ly 
the question is who do we give the actual data out to and on what terms. 



127-29 MZ responds that he thinks he understands Lessin’s proposal and 
boils it down to three questions: “(1) What is a revenue model that scales to build the kind 
of business we want? (2) What is a read model that reduces the strategic risk to our 
business (and doesn’t undercut that revenue growth)? (3) What is a model that developers 
will participate in rather than abandoning?.... For (1): 



|. I’m generally skeptical that there is as much data leak strategic 
risk as you think. I agree there is clear risk on the advertiser side, but I haven’t figured out 
how that connects to the rest of platform. I think we leak info to developers, but I just can’t 
think of any instances where that data has leaked from developer to developer and caused 
a real issue for us. Do you have examples of this?.... I also think your argument about how 
we help competitors is too black and white. In reality, we do this with distribution too. We 
let most competitors buy ads. And even if we didn’t, we’d let other media companies buy 
ads, and then our competitors could buy ads from those companies. At some level I think 
helping your competitors is a fact of life. We need to make sure we’re not doing this to an 
extent that it destroys us, but we also shouldn’t be so rigid as to rule out any model where 
competitors get benefit from us.... For (3): I think what developers will be willing to bear is 
the biggest open question here. No one knows this for certain and a huge amount obviously 
hinges on this. I do agree that if we give away distribution and login for free, then basic 
info alone isn’t enough value to command a meaningful revenue share. That said, this 


makes me wonder if we need to question our assumptions on what we want to be free. If 
what developers mostly value is distribution (which we’re currently not charging for), then 
I think we really need to ask the question of whether we’re actually getting value from this. 
In theory we want information, but are the posts developers are giving us actually 
valuable?... If we were strategically okay with not giving this away for free, then I think 
many more developers actually would accept ar ev share to enable their users to connect 
with FB and share back to us.. 



THEY DON’T SHUT DOWN PLATFORM, THEY CAN’T 
INCENTIVIZE DEVELOPERS TO BUY ADS. MZ MOST CONCERNED ABOUT 
SEEDING MOBILE ADS BUSINESS. 21 Lessin: “I do agree that 10% to 20% of a small 
number of businesses doesn’t get us there just as platform with thousands of developers 
who pay us nothing doesn’t get us there. That is why I basically land on a model where 
some APIs are widely available at scale (and we get thousands of developers at scale) but 
there are a set of APIs that really are just for partners. Also known as, I think we need to 
have it both ways.” MZ: “Yeah, I think having two programs is pretty reasonable The 
question to me is just what’s in each program and what we get from it. My interpretation 
of your proposal is that we get the vast majority of the value from the companies we 
partner with, but I have a hard time imagining we actually have these kinds of deep 
partnerships with hundreds of companies, so there’s a disconnect for me there. I also 
interpret your proposal as if we won’t make very much money at all from non-partner 
companies, and I think there needs to be and likely is a bigger opportunity for us there. In 
my model, we’ll define rev shares for as many industries as we can think of. There will 
always be some companies that don’t fit whatever models we have or we want to give them 
deeper access in exchange for more value share, and that’s what the deals are for. But I’d 


love to get to a state where most of the value we derive is from the open part of the 
platform with clearly articulated rules rather than custom partnerships.” Lessin: “I think 
we will get a ton of value from the companies using the ‘free’ APIs / non-partners...it is 
just that the value will funnel all directly through our ads/distribution platform... which is 
not a bad outcome at all / it is seeing platform as all about just making the distribution 
business more efficient and scale better against a model where there is natural pricing / a 
market. At the same time, I do think that we will also get a lot of value out of the partners / 
which I really see as a set of companies / producing a set of products which we would 
probably consider building ourselves if we could... The problem I have with a rev-share 
directly, or forcing a developer to use our payments / ad network is that we are not 
connecting the value and the cost closely enough. If the thing that is valuable is our 
payments, they should pay for our payments if they use our payments. If the thing that is 
valuable to them is the ad network. The rev-share could be an interesting deal term at the 
high end, but is just too hard for developers to evaluate / know the valu e we are driving for 
them and whether it is therefore worth it to be on the platform.” M Z : “ 



Another issue that’s implicit in my proposal 














is that it’s not yet clear how a dev would disconnect the revenue share, whereas it’s quite 
clear how you’d disconnect payments or ad network though. That said, I think there is 
probably a reasonable solution to these problems that would still let us get a revenue 
share.” 23, Lessin: “Reading your responses, I do think you are right, I am being stark. I 
worry about mobile messaging apps, etc. and I probably need to temper that in my own 
thinking. The irony is I would be more comfortable with competition if I thought we knew 
better how to leverage our scale asset (and if scale weren’t becoming cheaper and cheaper 
to achieve every day). What I think is that we should effectively not be helping our 
competitors more / much more than how they could get help from elsewhere in the 
market...! do, however, again think that we want as much control here as we can get.” 



“I think we need to provide DLYD obviously, and you are right that some power-users do 
appreciate the ability to take data out in general / push it to other services.... I think thi sis 
something we can manage around. I do think it is basically zero cost to us to allow 
applications to write content on behalf of users, but we should just think of it as that - 
which is allowing apps to fulfill a user need... re: the distribution, I don’t think we should 
under-weight distribution from apps, I just don’t think we should over-weight it - and I 
think that if the real value translation is apps publish data to Facebook because users want 
to publish data to Facebook, then we should do the right thing by users around creating 
good experiences vs. worrying about pushing ‘traffic’ back to apps (aka, go with snow-box 
type solutions for third party photos and pinterest pins rather than pushing the user out to 
the site). Really what this boils down to is that I think developers are rational business 
actors. They will not give us structured data which is actually valuable to us unless users 
demand it.” MZ: “Agreed” Lessin: “AMEN”. 24-25 Lessin pushes for a la carte offering of 
charging for distinct APIs like Amazon Web Services does. MZ agrees it would be ideal to 
make everything a la carte efficiently but they can’t do that and “that realization is leading 
us down a path of minimizing development and access to an important piece of platform 
that I think devs do value (the read side). I do agree it’s difficult for a dev to think about 
whether the value exchange is fair theoretically, but if we can get a few folks on board then 
I think we can start to establish a market norm and more folks will do this.” Lessin: “I 
don’t agree - but I do understand your perspective. I really just can’t see any developer 
making the % revenue trade with us for a bundle of services some of which they value, 
others of which they may not, and overall where it is really hard for them to know what is 
what (especially over the long term).” 26, “Finally, if we are going to have another return 
on scale business other than attention, we need for that business to stand on its own / be a 
rational trade in and of itself for us and for developers. Unfortunately, the dynamics 
around data are just complicated enough that I think we end up in a world with maybe 100 
or 200 partners for the next few years, not everyone - and we have templatized, but not 
formalized terms." I 





into our identity business in the sense that giving apps the ability to uniquely get identifiers 
on all their users is a huge huge deal... the question is only what do you do with that / how 
do you match it up with an economic model... and I think we need to couple the identity 


value + services, where our services are better because of identity (be they engagement / re¬ 
engagement, an ad-network, or payments with better built in fraud detection).... The only 
thing we should be careful of is making sure that we are selling things in ways developers 
can rationally evaluate and want.... I think that putting some practical screens up on how 
things could look in mid 2013/2014 might be helpful...” 

FB-01389090 - October 22, 2012 Osofsky emails Vernal Purdy Rose app analysis, Rose 
forwards to Lessin “let’s discuss”. Osofsky: “As discussed, attached is a soft copy of the 
analysis (as well as the underlying list of apps). It sounds like today’s discussion will focus 
on what data we’re comfortable sharing as a platform. If we explore making distinctions 
between head vs. tail (or competitive vs. non-competitive) apps around data, this may be a 
useful fact base for the conversation. One of the most interesting aspects is that the “head” 
OG apps that continually arise in these business model discussions (e.g. Spotify, Twitter, 
Pinterest) are already subject to additional terms under platform policies which we don’t 
consistently enforce.” 

FB-01389108 - September 3, 2012 Lessin emails Sandberg and Rose “Platform Market 
Estimates”. Different ways of monetizing platform. Lessin points out that they have widely 
varying assumptions. 

FB-01389164 - Rose to Lessin Aug 20 2012 regarding “CRM (Experian deck) and Platform 



FB-01389327 - Rose to Lessin Aug 15, 2012 “I have further changes from Sheryl”. Shows 
Sandberg worked on the board deck in aug 2012 that describes shutting down platform. 

FB-01389423 - Heaton emails Lessin Daniles Miller Spensieri Eide “categories of platform 
revenue” with updated slides showing a la carte and bundled pricing for friend lists, etc. 


FB-01389628 - Lessin to MZ Aug 12, 2012. “categories of platform revenue”. 


[29-33 Lessin Background on Platform] 

Background. To date, Facebook platform has effectively had three major iterations. The first 
iteration was ‘Canvas’. With Canvas the trade was relatively clear. We gave application 
developers free distribution and free data, which they converted for us into more stickiness on 
Facebook generally, and very specifically more time-on-site / page-views which we could 
monetize and turn into growth via a right rail. We never knew exactly how to value the canvas 
(as evidenced by our HI scramble); however, from a macro perspective it seemed like the trade 
generally worked (though we did end up needing to effectively negotiate separately with Zynga 
once they had scale to make sure the general canvas framework kept working when canvas 
consolidated). The second was ‘Connect’. The trade with Connect was relatively clear. We gave 
applications / developers similar growth and the same data, but without a right rail / being dealt 
into the ‘time on site’ that those apps were generating, it wasn’t clear that the trade was good. 
Between those two businesses we find ourself in a place where canvas is a $1B YTD (half 
monetized through payments / half through developer ad spend + extra inventory) business, and 
the rest of platform is currently a $12M YTD business. 

In the last year we launched ‘Open Graph’, the third iteration of platform. Open Graph took as 
assumptions the following things: (1) - More Data Creates Good User Experiences: If we had 
really good structured data from developers we could turn that structure into a compelling user 
experience (on the viewer side; great fed stories / an amazing consolidated experience of what is 
going on in your world, on the ‘owner’ side: great self expression that people were proud of / 
actively wanted applications to publish on their behalf to the point that publishing to OG was 
seen as a selling point / a point of differentiation). More structure would create a better service / 
more stickiness (2) - The Data we collect is valuable to Advertisers: If we had really good 
structured data being published into the system we could package it and sell it to advertisers in 
the fonn of‘ad-targeting’ / we could monetize the data we were getting from OG. Furthennore, 
the assumption was that there was effective ROS (return on scale) to data... so that knowing how 
often / when you had last listened to ‘lady gaga’ was incrementally more valuable than knowing 
you like lady gaga. (3) - Applications will be willing to trade well structured data for 
distribution: The idea was that applications would be able to ‘buy’ distribution from us by 
publishing in structured data AND that we could make incentives align by giving more 
distribution to applications that published more correctly / well structured data (else there would 
be an incentive to game the system and seek the highest distribution value at the lowest 
information cost). 

So far, though we still believe them intellectually, we have been unable to get these three bets to 
paying off yet. (1) We have thus far been unable to yet create a compelling experience around 
open graph that make people actively want to use it for self expression. While a narrow set of 
OG apps stand on their own two feet in feed (pinterest / Instagram), most OG stories would not 
show up organically / they are not a compelling enough viewer experience to rank their way into 
feed on their own. (2) For a variety of reasons, sof ar the data we have been collecting via OG is 
not monetizable through our ads system / is not valuable data. This has to do at least partially 



with the fact that the categories of data that resonate with users / that we have focused on (music, 
video, etc.) are of a category where the publishing application has no mine to boost the stories. 
(3) In the cases where the data could be valuable, We have alignment issues with our OG 
partners... generally speaking, they value their data (perhaps even over-value it) and are worried 
about the nature of a trade where they give us that asset in return for indefinite amounts of 
distribution. (4) Because we are unsure of the economics of the trade of some structured data 
from app for distribution and data from us, we repeatedly find ourselves in situations where we 
are evaluating on our end whether we are aiding competitors to our own detriment. 

Rationalizing the Platform 

Why we have a platform... 

With that background, it is worth starting by discussing why we have a platform at all / what the 
purpose of platform is supposed to be. As I see it, there are three major reasons to have a 
platform / why we allow programmatic access to Facebook at all. (1) The first is to help users 
express themselves / input information. Facebook can build compelling interfaces for adding 
information to the system / users expressing themselves; however, there will always be far more 
ways users will want to express themselves than we can possibly / reasonably provide. We get 
the most value out of our users when they use our native applications to express themselves, but 
it is so important that users can express themselves fully in our system, that if other companies 
build other ways for users to express themselves / can help users express themselves, we should 
allow publication via those parties. (2) The second reason that we provide a platfonn is to help 
users get the most out of the content added to the system. Again, with the generic interfaces of 
newsfeed and browse we can provide a lot of user value; however, especially as we look to 
enable the real world, the more applications working on behalf of a user can read valuable 
information from Facebook, the more valuable it is for users to have that information on 
Facebook / use Facebook as their medium for exchange. (3) The third reason for having a 
platform is that we believe users own their data. We have to be very specific when we speak 
about what ‘their data’ means; however, as a general principle we believe that it is good for users 
to own their data and to be able to leverage it to their own advantage in the most efficient ways 
possible... that requires programmatic access. 

The platform needs to economically work... 

Understanding these three reasons for providing a platfonn, it is worth talking about value 
exchange in the ecosystem. The problem we face with these three reasons for providing a 
platform is that taken to the logical extreme they remove our ability to profit from our users. 
Without the ability to profit from our users we cannot maintain / build a better system for them. 
There are two key failure modes here / how this could happen. First, if our platform were wildly 
successful and every app in the world was writing data to it / pulling data from it, but because all 
these apps built better interfaces than us no one came to Facebook.com, we would have no 
advertising inventory and make no money. Second, if our platform gave many many social apps 
the distribution and data they needed to grow independently then over time the world could 
splinter into a series of vertical social applications pulled together by an identity & notification 
layer at the hardware / OS level, and we would lose. Because of these failure modes, we need to 



make sure that our incentives are always aligned with the apps that are building on our platform. 
If we don’t align incentives then we will always have an ambivalent and unstable relationship 
with developers where we don’t trust them, they don’t trust us, and we constantly second guess 
the value exchange we have with them. That doesn’t mean we can’t subsidize / invest in our 
platform, but it does mean we should know the cost of any subsidies at all times... 

Certain things need to he true about the platform for users... 

Let’s start with what some basic principles that we shouldn’t violate / are core to platform being 
positive for the user. (1) The user should be able to delegate permission to write data to 
Facebook on their behalf to anyone they want. This is core to self expression, which is what 
timeline should be. If I knowingly and purposefully elect an app to write to Facebook on my 
behalf, that app should be able to act on my behalf (there might be some technical or practical 
limits to this, but that should be the concept). (2) The user should be able to give their 
information to any application they want to make their lives better, again, so long as I am 
knowingly / purposefully doing it. To me these two principles resolve to, apps should be able to 
write to your timeline on your behalf. Apps should be able to read information you have added 
on your behalf.” 

Rationalizing Platform: Distribution via newsfeed... 


Now, let’s talk about what we can rationalize in the system on top of those principles. Basically, 
there are two axis of value we are giving apps, therefore two axis of value that we can try to 



they can either ‘insert’ their own messages, or they can ‘boost’ other messages that they think are 
beneficial to them by others... but the boost should be priced by the market. (NB: for the 
purposes of this document when I speak of Newsfeed I really mean newsfeed + the ads column 
right column on web, which I consider to be also a ‘newsfeed’, just one that happens to be right 
now tuned to only show paid content ...but the logic / rules should be the same). 

Rationalizing Platform: Distribution via inbox and notifs 

If Newsfeed is a certain type of distribution, there are at least two other classes of distribution 
that we need to provide for applications. The first is a stable channel where applications can 
always reach out to a specific user. Applications need this because there are certain types of 
engagement / re-engagement with specific infonnation that perhaps the user actively wants that 


just isn’t suitable for a medium which is designed to be / feel ranked and unstable. We have two 
of these channels in Facebook, Messages and Notifications. Applications want and need this 
form of distribution, we should always start from a pure experience / assume that applications 
will send ‘junk’ to users they don’t want, but then allow applications to pay us to prove us 
wrong. Because these channels need to be ‘stable’ for an application to likely get the messaging / 
relationship they need with their users, rather than pricing on a per-impression basis, we should 
be pricing these channels flat on a per-application basis. So, a spammy app / a likey spammy app 
might have higher fees than a non-spammy one (in this way, we should start prices high at low 
volume, and then drop prices for applications as they get scale / that scale is ‘good’ volume that 
is open and engaged with).... 

Rationalizing Platform: Competing with ourselves.... 

These channels / ways of packaging information are valuable and good because Facebook has so 
much attention and use today; however, it is important to point out that our current mode of 
operation is to also give applications at very low friction / cost (and unclear user preference) 
access to user email addresses, which is a competitive channel with our distribution product. I 
100% believe that if a user actively wants to give an application their email address or phone 
number they should be able to... but I do not believe that on the margin / if the user has not 
actively made this selection we should be giving applications alternative ways beyond us to 
reach our users so long as we provide all the channels an application would need to operate (at 
least one guaranteed one, one ranked on, etc.). 

Rationalizing Platform - selling information is a tricky but seductive beast.... 

This bridges to the second type of business we can provide via the platform / the second type of 
value we have to give away - information. We have a lot of information to ‘selF. Even if you say 
that users should always be able to expressly grant their infonnation to applications if they wish, 
we have tons of value in the fonn of trust scores, derived coefficients, etc. which is decidedly our 
information / not user information and very valuable. That said, information is a tricky beast. It 
has a few really interesting properties, at least two of which are worth calling out (1) There is no 
inherent scarcity to infonnation. Unlike attention or any physical good it can be copied and 
shared as many times as you want at effectively zero cost. Because of that, the only value 
information has is that it is unknown / scarce. If you are the only person in the world that knows 
Wallmart’s stock price tomorrow at noon, the information is priceless, if everyone knows it then 
the infonnation is worthless. Because there is no inherent scarcity, we basically exist in a world 
where if you have a piece of information that someone wants to buy from you and you are the 
only provider, you can do well; however, if there are multiple possible providers the information 
is effectively worthless because you will bid each-other into the ground (this isn’t precisely true 
because all information is probabilistic, and since there is no inherently ‘true’ fact, you will pay 
some providers more than others for the same bits if you trust them more) (2) the same bit of 
information can be worth vastly different amounts of money to different people / players. This 
can be true of attention as well, but because I can both use and sell the same information, there 
are no natural market dynamics / no natural means of price discovery (3) Unlike distribution, 
which is finite / doesn’t scale forever (there are so many hours in the day / days in a lifetime), the 



value derived from information scales forever, just like technology... which makes it a very 
appealing business if we can get it right. 

Where this leaves you is that it is very hard to effectively directly sell information at any 
reasonable scale, but it is very seductive to figure out how to build an in formation business. With 
no terms of service / in a fully free and un-encumbered way, in a rational world you could 
basically sell information once... and in that one sale you would have to price the full value of 
the information for all eternity to all users going forward... the reason this is the case is that you 
would sell the information, then another provider would have the information, and assuming you 
are not colluding (which obviously you wouldn’t be) you would each now sell the same 
information to everyone, and therefore neither of you could ever make any margin. Of course, in 
a more rational environment, you could attempt to protect the information you are selling by 
doing the following things (1) no caching policies / you can’t store the data but instead need to 
phone us every time you want some of it (2) no resale policies / just say that you can lease our 
data / use it yourself, but you can’t apss any of it on via APIs, etc. The problem with these types 
of terms is that they are pretty much un-enforceable ... for instance, even if another application 
attempted to follow them, if they used our data to improve the quality of their network, if they 
ever provided APIs to their separate user graph, etc. the quality of that graph would have been 
informed by us, and therefore would have the value of our graph embedded in it (potentially in a 
very high quality way). 

[It goes on...] 

28 Lessin: “Zuck, wanted to quickly respond to the specific points in your note & share the 
broader framing I have been working through / some suggested changes.,.. Looking 
forward to discussing more tomorrow... / 

MZ: “1. Advertising. This is our current business model for OG, which includes two 
primary tings: having developers pay to boost their distribution and having advertisers pay 




MZ: “2. Taxing use of platform. This includes ideas like charging a yearly license fee for 
developers, charging per read API call and charging for new premium read APIs. These 
could generate a meaningful amount of revenue, but it will also create a large amount of 


ecosystem thrash. Charging for things that have been free for years is painful, and the new 
things like premium APIs are the most speculative. Taxing resource consumption is also 
difficult to price compared to getting a revenue share.” 


Lessin: “I think it is a good ideas to charge annual fee, but more so that we can focus on 
developers that are serious / be having the right conversation, not because I actually think 
it will generate any real revenue. The quick back of the envelope is that this is worth about 
$17M / a year right now @100/year free - Right now, it turns out, 166k apps have over 100 
MAU, only about 13k have over 10k MAU, and 2400 over 100K. not zero, but assuming no 
under 100 MAU pays, not a huge business. Regarding other APIs, I have been digging in 
with the team and really people are not using our read APIs that deeply from what we can 
see so far. It seems like mostly people just call basic info and friends. Again, more coming 
here, but this analysis has made me really skeptical that more premium inform ation APIs 
is going to be the place to go right now (even if I intellectually love it) - further, |~ 



The current back of envelope is that selling something like email addresses would 
hypothetically be worth <$100Ma year...maybe a lot less.” 


MZ: “3. Taxing developer revenue. This includes ideas like a developer ad network, a 
developer payments system with a lower rate and other ideas where we provide a value- 
added system and then take a percent of revenue. 29 This is likely the most efficient way to 
tax developers, but it requires building the most new stuff which isn’t directly tied to 
providing a social platform.” [BUY PARSE] 


Lessin: “I love doing a developer ad-network as soon as our ads perform better than 
competitive ad-networks., until then it doesn’t seem that compelling. The real problem with 
this, and with a payments solution, is that they are just really low margin. Not a reason we 
shouldn’t do it as infrastructure for our developers / the ecosystem, but not something for 



FB-01389405 - 10, MZ email to Lessin Aug 12 2012. “I’m surprised you’re so pessimistic 
about (2). I can construct a scenario where this gets close to $lb / year relatively quickly. 
I’m assuming that more developers than ones who have active users will pay for keys. I 
doub everyone who has an Apple key has even published an app. I bet the total count is 
closer to ~lm since many more millions have developer accounts. I also assume that 
developers with more users would pay more than $100 per year. Instagram or Microsoft 
would easily pay $100k without complaining at all. With a few tiers of access, this can get to 
$100-200m. On API subsidy, if we ask developers to pay 2x the API cost they’re taking 
today, that would be ~$120m. At 4x that would be ~$240m. They already pay a premium to 
Amazon over what they’d pay if they were hosting their apps themselves, so this shouldn’t 
be expensive for them at all. I bet we could charge even more than this, and over time this 
should scale to be much bigger than it is today. The premium API is the hardest to predict, 
but I don’t think it’s reasonable to infer that people don’t want this from the fact that they 


just use the API for getinfo and getfriends today. Not calling getphotos doesn’t mean 
you don’t want IP or coefficient. | ; ■ i 

eoiTt/hnes most mill mmimg yd frieiuk, and ehosc arc- whui cuinom- rnsm Jlfwe 

charged $.001 per API call and there were lb API calls per day, this would be ~$360m / 
year.” 08, Lessin: “On developers paying for keys, I agree that it might be more than 
$17M, that was more just an order of magntidue assessment, it might be 3 or 4X that. My 
gut is I would caution against a world where we charge developers per-active / try to price 
discriminate on the size of an app with flat fees. The issue with this is that it is pretty far 
disconnected from actual value for developers (some apps monetize very poorly, 
presumably others do well) - the closer we can couple our monetization directly with the 
value we are creating, the easier it is for people to price, buy, etc. So, we should obviously 
be making a ton more from Instagram and MSFT than from a tiny developer, but we 
should be extracting that in my mind as close to the value we provide (targeted / 
information rich engagement, re-engagement, etc.). On the API subsidy, some things to 
think about. (1) I actually think that if we charged people they would massively reduce 
their calls (you can look at this as a win / lower cost of providing service) (2) people don’t 
look at amazon as a premium, they generally look at it as a discount / a way to put off cost / 
avoid buying servers ahead of demand / deal with peaks, and avoid human capital / sys¬ 
admins. Amazon is a capital and management hack - I want the analogy to hold, but I 
don’t think it does. Re: premium APIs, I don’t mean to assert that people don’t want this 
based on their behavior today. I strongly suspect that they do want it. I do want to point 
out that (1) we don’t have a ton of people currently using our APIs deeply at all today, 
which does indicate to me that anything we do will take longer to ramp (2) \ 



| Would love to discuss / hear yo ur views on (1) do you agree with my point re: 
normalizing between platform and pages? (2) | o yon agree re: giving mf. emails. IT IK and 
“friends’ ■ ■ those are all pretty radical proposed diaisgir from die |do you agree w 

platform 3.0?]. 07-8 MZ: “I don’t think we should charge developers per user. I’d jus tdo a 
few different tiers. $100 to get access at all, $1000 if you have lk users, $100,000 if you have 
lm users and maybe even $lm if you have >10m users. We currently have >20m users with 
keys at all. If 5-10% of them paid for keys, that would be $100m. It’s cheap enough that 
this seems reasonable. As for the other levels, they’re all relatively cheap compared to what 
a developer of that size is paying for other stuff, so I’d assume almost 100% of devs at those 
levels would pay. Assuming: lm*$100 = $100m. 38k*$l,000 = $38m. 412 * $100,000 = 

$41m. That’s $179m today. If we add the $lm tier for huge apps, then it changes to... 
370*$100,000 = 37m, 42 * $lm = $42m...and the total is $217m today. As every developer 
in the future wants to use this stuff as well, this could grow nicely fi we do a good job as 
well. For API calls, my point wasn’t that devs think of Amazon as premium, I know they 
don’t. My point was that Amazon is some amount more expensive than what it would cost 
them to do it themselves. For us, Amazon would cost about 15-20x more. So in reality, 
Amazon is charging a premium, even if it’s low margin since they’re building out their 
infra to be general. Given this, my point is we could charge 2x or even 5x and have it really 


be at the order of magnitude of “at cost” from a developer’s point of view. Today 
developers use about $60-70m of infra per year, and I’m assuming our human dev and 
upkeep cost is almost as much, for a total of somewhere around $120m. Intuitively I bet we 
could charge a multiple of this and have it not be overbearing. Looking at some numbers, 
today we do about 50b external API calls per day. If we assume charging reduces 80% of 
this load, and if we assume we charge on average $0.00005 (half of a hundred th of a penny) 
per API call, then at 10b API calls per day that’s still $180m 



5-06 Lessin instructs Chad Heaton working with 
daniels Miller Spensieri Eide Purdy to put together board deck that expands the options 
for monetizing platform beyond just the $17m straight developer charging. They work on 
various bottom up revenue models for the different platform monetization opportunities. 
Lessin takes over the master deck to frame the presentation to the Board, knowing that 
Sandberg’s ideas have swayed Lessin. 


FB-01389626 - MZ emails Lessin on 26-27 Aug 12, 2012 “Over the weekend I made a list of 
what I thought the top priorities are for each group. This should help us make sure we’re 
aligned and have a shared sense of what succeeding in this next period looks like. Here’s 
what I think they are for Identity / Platform, in this order: (1) Ship Timeline v2 with new 

AP goals. > 

(3) Support Core 

Graph / Audience Problem work by shipping tagging, audience/distribution controls, etc 
and consulting with other teams on their pieces. If we just succeed at (1) and shipping the 
basic features for (3), I think we’d be in an okay place. However, if we nail (2) as well, we 
could be an amazing place. If we help other groups achieve an org-wide success on (3), that 
would be great as well. Let me know if there’s anything you’d add to this or change.” 
Lessin: “This seems good. I appreciate you sending them, I am hung-ho for the focus, and I 
am sorry if a few times I have come to you recently a bit off kilter -1 am def a bit stressed 



OG integration and new GDP system. Increase user sentiment and hit PU 


FB-01389634 - 38, Heaton Aug 9, 2012 email to Lessin, Daniels, Miller, Spensieri, Gary 
Johnson, Jon Eide “Draft Developer Monetization Deck”. Heaton shares deck, Johnson provides 
top-down market estimates for web identity and consumer infonnation, consumer market 
research & interactive marketing, mobile notifications / marketing. 35, Daniels: “If this is going 
to the BOD, I feel like we’re missing the fundamental story of why the incentives are misaligned 
today. Today the fundamental trade is “data for distribution” whereas we want to change it to 
either “data for $” and/or “$ for distribution”. Essentially, we’re looking to put a $ amount on 
data and a $ amount on distribution so that there is a way for those who value their data > than 
distribution or < distribution to get a fair deal.” Heaton asks Lessin if he has a meta-story and if it 
agrees with the data for $ and/or $ for distribution strategies. He then asks: “Second, how do you 
want to show (or not show) the 4 different potential opportunities of 1) Charging Devs for 
Access, 2) Charging for Data (API), 3) Charging for Distribution, and 4) Marketplace. In you 
rcomments this morning you wanted to keep the Access piece and remove the marketplace piece. 



Below, Chris suggests the opposite.... Let us know your preference here.” Lessin 34-35: 



1 34, Heaton sends updated deck, noting; “|3n the Email API bottoms-up, 
rather tan focusing on the number of API calls and giving those a haircut, we took a 
different approach. We basically said, what if email permissions were no longer provided 
as part of basic info to Connect developers and they had to pay for the email addresses if 
they wanted them? We then sized the number of currently active Connect App-User pairs 
and the number of all-tie app-user pairs that have installed an app. By subtracting the 
former from the latter, yo uge the number of stale users (I.e. Users that had previously 
installed and used an app but that are no longer using it). Then you can make assumptions 
about what percentage of their active users Devs be willing to pay a fee for in order to get 
their email addresses and communicate with them, and what percentage of stale users 
would apps be willing to pay a fee to get emails so they could try to resurrect them. Once 
again, the percentage and fees are highly debatable, but I thi nk the framework ismo re 
sound than our previous (kudos to Chris Miller for the idea). \ 



FB-01389741 - Feb 21, 20 12 Fessin MZ email “some thoughts” top level strategy and 

mteam. 42, 

Fessin sets up his strategy note with a long preface that “I am going to be really direct / tell 
you al lthe things I am thinking in the back of my head....I really do respect and trust you 
as a leader enormously. I just really want to win / and see Facebook become a full 
expression of its promise... and I think that the best thing I can offer is directness. So, with 
that scary windup done...” 43, Fessin “I know that some of these stances are controversial / 
are not consistent with the current wider message to the company, but I will state them 
pretty bluntly nonetheless: (1) We are primarily a web company & the ‘desktop’ web is 
clearly not the future - this needs no explanation. I thi nk we all know this is true. (2) Native 
apps will dominate over mobile-web for a long time (maybe forever) and we cannot prop 
up HTMF-5 / are not strong enough to lead a shift - the mobile OS makers have a strong 
incentive in native apps performing better / working better than the web... so theory / what is 
possible aside, native apps will work better & be better experiences than the mobile web. I might 
go so far as to say that the free and open web was an anomaly caused by immature desktop 
OS platforms who failed to develop the distribution and payments capabilities needed to 
support good business models for developers and therefor lost the advantage to the web 
briefly... iOS, and to a lesser extent android, has reversed this - the tower of babel is 
falling / the unified language will go away for a while and the value (or a relative ig not 
absolute basis) will end up tucked away on proprietary ‘platforms’. (3) I do not think we 
will be able to build a successful ‘phone’ anytime soon. I don’t have all the details on firefly, 
and it is possible, but to me it feels like a hail-mary to be trying. It isn’t in our DNA to build a 
phone / manage carrier deadlines, battery life, etc. and as a result I am skeptical that we can do it 
well enough to get any meaningful part of the market from our competitors.... I really just don’t 
believe we can go toe to toe with apple or google and win. (4) The ‘Open Graph’ is 
fundamental but a long way from being set up for success - I am ridiculously excited about 



OG long term -1 think it is the holy grail, and I really look forward to a world in the future 
where the OG is the primary data-store for many applications... but I think it will be years before 
it is really good, not months. The immaturity of the OG might be fine if there was a gold-rush 
mentality about the platfonn as there was originally, but I really think that the developer world 
has grown up a lot since the original platform - and with options like iOS out there, I think we 
need to be in a far more polished state to get people to use us in a serious way.... As a value 
proposition for developers - when there are other option sout there we need to provide clearly 
demonstrable value for developers in a way that they can understand is symbiotic so they don’t 
question our motives. Right now, we provide no clear monetization, and because developers 
can’t tell themselves a clear story about what OG is doing for us, we can establish little trust in 
the distribution patterns we do provide. Right now those that use the OG are looking at it 
basically just for distribution / as a way to drive people back to their own apps... This mentality 
encourages people to look for ways to get the most distribution in return for giving us the least 
data / least well structured data. It means no one is betting the farm on it, and app developers will 
tend to act parasitic instead of symbiotic. As a developer interface - documentation, submitting 
/ approving apps, etc. I don’t have much first hand experience here, but from poking around a bit 
myself and talking to people at Nike, watching Waze try to do it, etc. it sounds like there is a lot 
of growing up to do.” 45, “(5) We generally to date have had a monolithic approach to our user 
interfaces (one website, one iPhone app, etc.), but (A) bite-size experiences will win on mobile 
platforms (B) having a monolithic approach to interfaces means you end up building ever more 
complex interfaces that are harder to make ‘good’ & fast - On mobile people want simple 
experiences that they can consume very rapidly / in intennediate time rather than constantly in 
the background... our mentality & app are not tuned for this. The fact that people love Instagram 
speaks to this in my mind.... (6) We have a ton of ideas on what to improve in our core model / 
business, but not the resources to do it -1 feel like every week we are calling out really important 
and leveraged product improvements we could make (like your email re: path last weekend) - 
but because we are so heavily invested in a few very large products right now, we just arne’t 
even close to being able to actually execute on these social changes which are core to our 
business.... (1) Invest significantly more in the core, and become a ‘API first’ company we talk 
about being a mobile first company, but I actually don’t think that goes far enough... I think we 
need to be an ‘API’ first company....” Lessin and MZ argue about being an attention company 
versus an information company. Infonnation has inherent return on scale but needs scarcity to be 
valuable - protect the graph mentality. Attention is all about distribution and being the interface 
where emotional interaction occurs. 42 MZ: “I really agree with your point about being able to 
articulate our business model around data. However, one thing I still don’t really get is the 
difference between being a distribution platform around people’s attention vs being an 
information platfonn. Those just seem like wo ways of describing the same thing to me since in 
both views we’re helping people get content into the system and then creating utility and revenue 
by showing people the best content/information.” 41, Lessin describes in information business 
FB would thrive even if no one ever directly visited the site. FB makes money by knowing better 
than “anyone else what story (sponsored or otherwise) to deliver to whom at any given moment 
by knowing everything about that person.” If FB is distribution business, “We need people to 
actually pay attention to our platfonn for us to succeed / read NF through our interfaces, etc.” 

FB-01389770 - July 13, 2012 Lessin sends his model of all of Facebook to Brian Boland 
who was then a product marketing director for sponsored stories. 



FB-01389903 - June 2012 Bosworth Lessin Rait Laraki Armbrust. Armbrust working on 
project with Evernote, the first only me partner integration ever. Evernote has invested 
substantial time in the project and is close to launching. Lessin says it is looking good. 
Armbrust tells him they need to be able to change the format of text in the posts and it’s 
common, FB’s other competitors do it. SL and Boz discuss. Boz then tells them “Today 
Zuck said we shouldn’t spend any time investing in features for Evernote. I agree with 
him.” 


FB-01389969-May2422012LessinRaitSelekmanOsofskyPurdy Yao chat. Yao :”Hey, 

Just go! off a call with foursquare about gL mg us ail 1 heir du|. They asked for 2 things in 
return: —Data Reciprocity - 1) The ability to query our api for a particular venue and get 
back all public posts related to that venue 2) The ability to query for a particular user the 
list of location related posts they have shared, (already don e today). 
Understanding/Agreement around how we’ll use the data - 1 



| What are we willing to agree to at this point? Doug/Sam, do 
you guys have a strawman around this already? My instinct is to keep it general and 
basically say if any point we start trying to monetize local, we’ll co me some type of rev 
share agreement when we use foursquare data. Thoughts?” Rait: 



.” Lessin: 

“Doug and I do have a strawman for this - I said I would write it up weeks ago and then 
didn’t — will focus on it.” Yao: “thx Sam, will be super helpful to at least have internal 
agreement around this while we’re pushing developers on giving us everything. Zach, I’m 
wary too, but I can’t imagine a world longterm where we make money off the 
developer/a pp content and don’t rev share in some way. It wouldn’t be a sustain able 
ecosystem.” [~ 



FB-01389974 - Boz Lessin Olivan email chain May 22, 2012 - deciding whether to force-in or 
opt-in users to timeline, notice that negative sentiment in a force-in test was driven mostly by 
OG apps, so they blacklist a bunch of apps from using custom actions in OG. 76-77 Boz: “We 
can turn off COG force-in and go to that entirely, or we can do that for the bad apps if we can 
identify those. Socialcam, Chill Mynet, Viddy, Zapkolik, MyCalendar - Birthdays, BranchOut, 
AMERICAN IDOL Online Voting, Tetris Battle, The Sims Social, Zoosk, Identified, Pinterest, 
SoundCloud Mall World, Candy Brush, Instagram, Solitaire. 75, Haugen: “Hey Garry - We 
blacklisted a bunch of the apps below from opting users into TL. Can you pull numbers again in 
a few days - hopefully much fewer users are getting opted into TL via OG.” Garry Ma: “Sure 
Austin - when did we start blacklisting the apps? If we’ve started today, then I think we should 
be able to see a large drop in force-in #s starting the weekend.” VIDDY OG CHANGE. 



FB-01390364 -Lessin Schrock May 8, 2012. Schrock: 



t doug is super good.” Schrock: “I had a meeting with vlad and eddie today 
where I almost lost it. Yes love love doug 81 Lessin: “I think there is a bright horizon - it is just 
hard.” Schrock: 



| Lessin: “Developer karma is all about giving developers value they can use (and 
trust). We are pretty low on the last bit, but the only way to get it back is the first.” Schrock: “So 
what they want to do is incrementally roll this out. 82 Add features to graph api piecemeal until 
it looks something like graphql. I think you need a big bang where you say this is OUR platform, 
and now it is YOURS. Here is all this hotness. A new dawn has risen etc etc.” Lessin: “yah, the 
only thing I will caution you on (and I know you know this) - is when you have a hammer 
everything looks like a nail. I also don’t kn ow the specifics.” Schrock: “new pricing model, 
graphql, browse, new OG iteration.” Lessin: “so that is a very very generic statement.” 
IDENTITY STARTS TO TAKE OVER OG FROM PLATFORM. 


FB-013903998 - 99, Lessin April 29, 2012 email to Purdy Stocky Rajaram Rasmussen Badros 
following up on Ark.com article and whether to consider buying them. Lessin: “Just one thing I 
would note here (and I generally think our policies are right) is that there is an interesting 
calculation of what % of fb users you need to auth an app for the app to get the whole 
graph (based on your ability to not just get your own data but that of your friends). I figure 
the right 1% of people get you a pretty big percent of the wile (though I also bet that apps 
like ark have a hugely overlapped set). If we had infinite analysis spend, what % of the 
graph each app has pulled would be an interesting thing to track.” 98 Rajaram: “Someone 
like Pinterest probably has access to our entire graph. At least Pinterest writes back to the 
graph. Isnt this similar to Google search, where Google’s search index is basically identical to 
our social graph, and Google does not let anyone access the search index through an API?... 

Doug - have we had a discussion with zuck recently about policies around partners who don’t 



GRAPH FROM LESSIN STARTS OVERTAKING PURDY WHO ISN’T WORRIED AS 
MUCH. THEY ARE PARANOID TRACKING A COMPANY THAT HAD RAISED LESS 


THAN $5M IN ORDER TO BE ABLE TO SHUT THEM DOWN OR BUY THEM FOR 
NOTHING. 


FB-01390482 - Shaffer email to Lessin Rait on new OG sharing model. 

FB-01390601 - Lessin and Patrick Riley (Ark.com CEO and Founder) exchange emails. Lessin 
wants an invite to use Ark. Riley emails him telling him he’ll get him an invite soon and 
explaining how they don’t violate policies etc pre-emptively. Lessin: “Haha - thanks for the kind 
words Patrick - I would love an invite as soon as you guys are ready to open up at all / add 
anyone... I am not worried about policies, etc. I am just curious re: what you are building / 
want to understand more. Hope our paths cross soon and looking forward to an invite.” 

LESSIN DOES RECON ON ARK. 

FB-01390777 - Jan 2012 Path employee Nathan Folkman sends email to Shaffe at FB with Matt 
Welty and Dave Morin at Path copied. Morin adds Lessin to email. Lessin replies: “Looking into 
it!” They ask Dirk Stoop and Jocelyn Goldfein. Lessin writes: “For albums published by 
applications, it should be == to their GDP setting.” 

FB-01391065 - Aug 2014 Sukhar review of Cross exceeding expectations for all his work on 
psl2n f8 

FB-01391332 - Cross March 14, 2014 email to platfonn team product leads in run up to f8. “API 
Versioning and support for versioning in Developer Tools. ** We made a key decision about 
naming. What we’ve been calling “Classic” I.e. The current API will now be renamed vl.0. The 
new version of the API we’re launching at f8 which we had been calling vl.0 will now be called 
v2.0. This seems annoying, and is non-trivial work to change, but as we began to discuss how to 
refer to the current/classic API surface area, we had no good name. Classic was a joke, ‘legacy’ 
is what everything becomes anyway etc. This change will map to how developers think of it. The 
current graph API 2.0 is vl.0, the new version is v2.0. Win. This means after f8, if you omit a 
version number (unversioned) you’ll get the current behavior. Same if you specify vl.0. You’ll 
soon get the new behavior when you specify v2.0.” GRAPH API 2.0 NAME WAS DECIDED 
UPON 6 WEEKS BEFORE F8. 

FB-01391357 - Cross Sukhar March 18, 2014 chat. Cross; “Quick heads up -1 looked at 
the content plan for f8 - and there was no where in 20 sessions, that we were teling devs 
how to opt into stuff like app-scoped IDs, and the things we’ve built to make it OK.... I 
pretty strongly feel we need a place to explain to devs - at a code level and database - what 
they need to do to move to the new model.” Sukhar: “Yeah I spoke to Fran about this. I 
think we need a high level description and title that isn’t totally negative.” Cross: “we 
actually have lots of positive stuff to talk about that developers will love and make the 
transition actually OK...insain that we’re planning on 45 mins on unity, when we have not 
space to talk about the details of app-scoped IDs - which affect every single app on 
Platform.” Sukhar not aware that they are calling it 2.0. Cross says they are. Cross says 
“yeah, sorry, we only discussed this in the PS12n catchup late on Thurs.”Cross: “main 
reason was that we were consistently having problems working out to refer to the 
current/classic API.” Sukhar: “I think you are right that we need to feature the migration 





stuff a lot more. I would prefer it to be tied into something more positive but maybe that’s 
not possible.” 

FB-01391688 - Dec 2013 Cross Sukhar meet and Cross moves over to his team. 


GOALS/TOPICS 


1. MOTIVATIONS FOR CHANGES BEING COMPETITIVE, 
ZUCKERBERG/OLIVAN/LESSIN SPEARHEADING. 

2. TYING LOGIN V4 AND GRAPH API 2.0 TOGETHER WAS PURELY 
MESSAGING AND DESIGNED TO CONCEAL TRUE MOTIVATIONS BEHIND 
GRAPH API 2.0. 

3. INTERNAL ANGST OVER CHANGES - WHO WAS CONCERNED? PARSE 
MORALE? KEY PARSE PEOPLE AGAINST? 

4. ENGINEERING TEAM COMPLETELY IGNORED PRIVACY ISSUES, MADE 
IMPOSSIBLE FOR DEVS TO HANDLE PRIVACY 

5. PARSE BEING ANOTHER BAIT AND SWITCH - SHUTTING DOWN PARSE, 
FB STILL USING PARSE? DEVELOPERS IMPACTED BY PARSE SHUT 
DOWN? WHY SUKHAR LEFT FACEBOOK? CURRENT INTERACTIONS 
WITH FACEBOOK? 


Sukhar Deposition Script 


What is your current job and title and who do you report to? 



What titles did you hold and in what years at Facebook? 

Who did you report to directly when you held these titles? 

How many employees reported to you directly when you held these titles? What were 
the responsibilities of these employees? 

Have you ever been deposed before? In what context? 

What materials did you review to prepare for this deposition? 

Who have you spoken with about this deposition? 

You founded Parse in 2011 with Kevin Lacker and others, correct? 

Parse provided a suite of back-end services that made it much easier to build and 
launch mobile apps, correct? 

And Facebook acquired Parse in 2013 for around $80-100M, correct? In April 2013? 

When you were negotiating the Parse sale, did Facebook tell you that it intended to 
support the developer ecosystem and that was one rationale for purchasing Parse? 
[Facebook didn’t tell you that it wanted to support the developer ecosystem?] 

Who at Facebook told you this? Did Zuckerberg communicate this to you? 

And is it fair to say that Facebook’s developer ecosystem at the time included the 
social graph? 

Is it fair to say that Facebook told you during these negotiations that Parse would be 
another addition to Facebook’s support of the developer ecosystem along with the 
social graph and data made available in Facebook Platform? 

And Zuckerberg told you this directly? [Zuckerberg never brought up the social graph 
when discussing Facebook’s commitment to the developer ecosystem as part of your 
negotiations in selling Parse?] 

After the acquisition, you took on responsibility for developer-facing products, not just 
Parse, but other products like Login and Graph API and privacy, correct? [If he 
equivocates, tell him his Linkedln profile says as much and so just ask him to verify his 
Linkedln profile is accurate.] 

98_TC Parse Acquisition - This is a TechCrunch article announcing Facebook’s 
acquisition of Parse, correct? And if you go to page 4 at the top, TechCrunch quotes 
your announcement of the acquisition where you say “Rest assured, Parse is not going 



away. It’s going to get better. We’ve worked with Facebook for some time, and 
together we will continue offering our products and services.” Did I read that correctly? 

And then, Doug Purdy at Facebook has his own announcement lower on that same 
page where he talks about Facebook’s commitment to developers on Mobile, including 
Open Graph for mobile, saying that “today, we’re making it even easier to build mobile 
apps with Facebook Platform by announcing that we have entered into an agreement 
to acquire Parse.” Did I read that correctly? 

And then he says: “We’ve worked closely with the Parse team and have seen first-hand 
how important their solutions and platform are to developers. We don’t intend to 
change this. We will continue offering their products and services....” Did I read that 
correctly? 

Is it fair to say that around the time of the acquisition you thought that Facebook’s 
unique and graph of social connections made available in Facebook Platform 
combined with the beautiful back-end experience Parse provides could really create an 
awesome ecosystem for developers to build amazing new experiences for consumers? 

Is it fair to say that many developers relied on these statements and invested time, 
money and resources in building their apps on Parse? 

Is it fair to say that some of these developers built applications that might be 
competitive with some of Facebook’s own current or planned products? [Well, were 
any apps built by developers using Parse focused on messaging, contacts, sharing, 
identity, lifestyle, photos, videos or other app categories that drive most of Facebook’s 
revenues? It’s possible some of Parse’s apps were these kinds of apps, right? So, 
some of the apps using Parse could be competitive with Facebook’s own apps, right?] 

How long were you at Facebook until you realized that Facebook planned to shut down 
Platform developers’ access to the social graph for purely competitive reasons? 
[Facebook didn’t do that] 

So you can testify sitting here today under penalty of perjury that you are not aware of 
Facebook shutting down access to data it promised would be publicly available for the 
purpose of damaging or eliminating competitive apps? 

You can testify sitting here today that you don’t think Facebook was motivated by 
competitive considerations when it announced Graph API 2.0? Are you sure? [OK - 
we’ll come back to that] 

How long were you at Facebook before you realized that Facebook intended to shut 
down Parse? [When did you first become aware that Facebook would shut down 
Parse?] 

Who at Facebook told you and what was the rationale they gave you? 



What did Zuckerberg say about shutting down Parse when you spoke with him about 
it? 


Facebook announced it was shutting down Parse in January 2016, correct? 

What was the reason Facebook told developers it was shutting down Parse? 

What was your understanding at the time as to why Facebook shut down Parse? 

Flow many developers were using Parse when Facebook announced it was shutting 
down in January 2016? [Roughly, order of magnitude - should be about 500,000] 

So over [500,000] developers had to invest time, money or resources in switching 
back-end services before January 2017 to make sure their apps wouldn’t break, 
correct? 

Is it fair to say that in investing these resources, it is possible developers would have 
less resources to invest in other areas of their business? [That seems obvious, no? 
Developers have finite resources, when they need to be allocated in one place that 
leaves less resources for other areas like feature development, marketing, etc?] 

And in January 2017, Facebook shut down Parse, correct? 

Was any of the code built by your team at Parse still in use for Facebook’s own internal 
applications after January 2017? [If “no,” so the Parse code and services were 
completely removed from all Facebook products by January 2017?; if “yes,” so 
Facebook can access today some Parse code and services that have not been open 
sourced to developers?] 

So, going back to the Techcrunch article for a moment, it’s fair to say that in 2013 
Facebook represented developers could rely on Parse to build their applications? 

And it’s fair to say that many of those developers built applications that might compete 
with Facebook’s own applications? 

And it’s fair to say that when Facebook announced it was shutting down Parse, those 
developers had to allocate resources, including capital and time, to ensure their apps 
wouldn’t break because of Facebook’s decision? 


And it’s fair to say that when a developer devotes resources to a back-end service like 
this, the developer may have less resources to devote to feature development or new 
product development, even if the resource constraint was only temporary? 



So it’s simply a fact that Facebook’s decision to shut down Parse negatively impacted 
at least some apps that were competitive with Facebook, whether or not that was 
Facebook’s motivation for shutting down Parse? 

When did you leave Facebook in 2016? Why? 

When is the last time you spoke with Zuckerberg? What did you discuss? 

Do you still have any personal financial interest in Facebook, such as stock you 
acquired from the acquisition? 

When did Kevin Lacker leave Facebook? Why? [You were close, you must have 
spoken with him about this during this time - what is your best reasonable belief as to 
why Kevin left?] Does Kevin still have any personal financial interest in Facebook? 

99_TAC - this is 643’s Third Amended Complaint. Have you seen this document? 

Have you read it? 

You’ll see on the first page you are named as a Defendant in this complaint. Do you 
see that? 

When did you first become aware that 643 sought to make you a defendant in this 
matter? Who told you? 

643 alleges that beginning in 2012, Zuckerberg, Lessin, Olivan, Cox and Vernal 
decided to damage competitive apps on Facebook Platform by restricting access to 
the social graph. Do you agree that Facebook’s decision to restrict access to the social 
graph under PS12N, P3.0,Graph API 2.0 or other synonyms for the project was 
motivated by competitive considerations? [You never expressed concerns that 
Facebook was doing this for anti-competitive reasons and that it might come back to 
bite Facebook?] 

643 also alleges that beginning in 2013 Zuckerberg created a false narrative around 
user trust in order to mask the competitive motivations for the Graph API 2.0 change, 
and that you begrudgingly carried water for Zuckerberg in disseminating this false 
narrative. Do you deny that at Zuckerberg’s instruction you disseminated this narrative 
around the social graph being shut down to developers for reasons related to user 
trust? 

Are you aware that if 643 prevails in this matter you may be held personally liable for 
643’s damages, up to $92 million? 

Did you personally and unilaterally decide to announce the Graph API 2.0 changes as 
being motivated by user trust? Who did? 



Did you disseminate the user trust narrative internally among Facebook employees and 
externally among Platform developers? [You never worked on how best to 
communicate the Graph API 2.0 changes and shared the final narrative about user trust 
with other Facebook employees and Platform developers?] 

OTHER QUESTIONS YOU WOULD ASK OF A DEFENDANT - GO THROUGH JURY 
NSTRUCTIONS? NEED TO SCARE IN ORDER TO TURN 


20_FB-00477297 - This is a February 2012 email from Mr. Vernal to O’Neil and others 
regarding permissions on iOS. Vernal writes: [Read highlight on 98] and then he goes 
on to list a range of friend permissions. 

• Does Vernal say that it would be “strange” to have a social platform that did not 
allow some friends_* permissions? 

• Do you think many Platform developers would have agreed with Vernal at this 
time that it would be strange to have a social platform that did not have friends 
data? [Well, you oversaw Platform developers at Facebook, right? So you must 
have some reasonable belief as to the mental model of Platform developers. 
After all it was your job...] 

• Did Facebook remove the friends_* permissions from the public Graph API on 
April 30, 2015? 

21_FB-00474412 -This is a March 2012 email between O’Neil and others. O’Neil 
writes: [Read highlight on 13]. 

• Does O’Neil write that it is possible for a developer to interpret “deprecate” as 
“delete” and that it is also possible for a developer to interpret “deprecate” as 
something other than “delete”? [If no, say, “Isn’t this exactly what Karan Mangla 
did in the note to which O’Neil responds? Why else would Mr. O’Neil need to 
clarify that?”] 

• Does O’Neil say that the checkin API will be around for a long time? 

• You know Mr. O’Neil, right? You worked with him regularly for a few years? 

• Why do you think Mr. O’Neil believes this API will be around for a long time? 

22_FB-00495737 - this is a summary of a March 2012 Q&A with Mr. Zuckerberg. 

Ms. Bouchard summarizes Zuckerberg’s statements, noting: [Read highlight on 37], 

• Does Mr. Zuckerberg say in this summary that Facebook intends to build social 
versions of apps common on smartphones? 








• Does Mr. Zuckerberg say that people will be able to replace “whole parts of their 
phones” with Facebook apps? 

• Is it fair to say that many [some?] of the strategic decisions Mr. Zuckerberg 
made from 2013 to 2016 were focused on making Facebook the dominant app 
ecosystem on a smartphone? 

1_FB-0000075 - at the bottom of 77 you can see the April 30, 2014 announcement of 
Graph API 2.0 - “A more stable platform with Versioning and Graph API 2.0”. 

• Is this an official announcement of Graph API 2.0 on Facebook’s public 
website? 

• Was Graph API 2.0 the change that removed access to friends lists, friends 
photos, read_stream and other permissions on April 30, 2015? 

• Does this section at the bottom of 77 and top of 78 state specifically that 
Facebook is removing access to the full friends list and photos list? [No] [Well, 
does it use the words “friends” or “photos” or any synonyms of those words?] 

• At the bottom of this announcement, at the top of 78, does it say that Facebook 
is removing, quote “several rarely used API endpoints”? 

• Were the friends list and friends photos among the endpoints Facebook 
includes in this phrase “several rarely used API endpoints”? 

• [If “IDK” or “no,” say: if you go to the changelog linked right after this phrase, on 
94 of this exhibit, the friends list and friends photos permissions appear along 
with a few dozen other types of data, correct? So Facebook says to check the 
changelog for rarely used permissions, and then when you check the changelog 
you see the friends list and friends photos permissions?] 

• Were the friends list and friends photos permissions rarely used by developers 
at this time compared to other types of data Facebook made available to 
developers? 

• Did this announcement of Graph API 2.0 on the bottom of 77 and top of 78 state 
that Facebook was privatizing or charging for these or any APIs? 

23_FB-00423235 - This is an October 2012 message from Mike Vernal to various FB 
employees. Please take the time to read Vernal’s note. 

• This note was sent before you joined Facebook, right? 



• Were you aware that Facebook had planned to dramatically restrict the Read 
API in social graph before you sold Parse to Facebook? 

• If you had known that Facebook intended to dramatically restrict the social 
graph, would that have at least been a factor in your decision whether to sell 
Parse to Facebook? 

• Do you feel that Facebook misled you regarding its intentions to support its 
developer ecosystem during your negotiations to sell Parse? [Go back to 
answers regarding Zuckerberg’s representations about the social graph when 
negotiating the sale of Parse, expose inconsistencies] 

• Mr. Vernal mentions restricting the newsfeed (stream), friends list and friends 
permissions in this note, correct? 

• How many times do you see the phrase “user privacy,” “user control” or “user 
trust” in Vernal’s note? 

• After this note, Facebook employees began auditing and blacklisting 
competitive apps on Facebook Platform. They also began using social graph 
data as a carrot to get developers to make large NEKO purchases in order to 
get whitelist access to the data they had come to rely upon in their apps. This is 
very well documented in the record before the Court. Once you became aware 
of this, did you express concerns about Facebook violating its representations 
of a fair and neutral developer platform? 

• Did you express concerns that Facebook was engaging in improper behavior by 
giving competitive advantages to certain companies at the expense of others? 

• During 2013, why did you think Facebook was engaging in this competitive data 
restriction exercise? 

• You didn’t think this was at least in part designed to address competitive 
messaging apps like WhatsApp? 

26_FB-00429152 - This is a December 2012 email string between O’Neil and others. 

On 59, Ling Bao, a Facebook employee, lists the “top 10 most popularly requested 
permissions”. Do you see that? 

• Is “friends_photos” one of the top 10 most requested permissions? 

• Is “friends_birthday” one of the top 10 most requested permissions? 



Is “publish_stream” one of the top 10 most requested permissions? 


• Is “friends_birthday” one of the top 10 most requested permissions? 

• How many of the top 10 most popularly requested permissions were removed 
from Facebook’s public APIs on April 30, 2015? [should be at least 4: email, 
publish_stream, friends_photos, friends_birthday] 

• This data showing the top 10 requested permissions is from December 2012, 
correct? 

• So it’s about one month or so after Vernal’s note to employees that he, 
Zuckerberg and others had decided to prevent developers from accessing this 
exact data? 

• So at the time Zuckerberg, Vernal and others decided to restrict this data, it was 
the most widely used data on Facebook? 

• So was Facebook lying when it announced in April 2014 that it was removing 
the stream, friends list and friends permissions because they were “rarely 
used”? [If “no” or “IDK,” so are you saying that between January 2013 and April 
2014, developer use of these permissions fell off a cliff? Are you sure about 
that?] 

29_FB-00241059 - This is an April 2013 presentation titled “Tough Platform 
Questions”. [Read highlights on 60], Does this say that Facebook users can choose 
which specific types of data and which specific apps can access their data? [yes] 

34_FB-00433791 - This is an August 2013 chat string between Vernal, Purdy, you and 
others discussing Platform 3.0 changes. Vernal writes: [Read first highlight on 92 
“Neither Platform 3.0...to be clear”]. Koumouzelis then agrees: [Read second highlight 
on 92 “I think all...finalizing any names here”]. 

• What was the final external name Facebook decided on for the Platform 3.0 or 
Platform Simplification or PS12N changes? [Graph API 2.0 or Loginv4], 

• Who decided upon that name? When was that name decided upon? 

• Were many of the changes discussed as part of Platform 3.0 implemented as 
part of the Graph API 2.0 changes that took effect April 30, 2015? 

• So the friend_* permissions and the non-app friends changes were part of both 
Platform 3.0 and Graph API 2.0? 



Purdy then writes at the bottom of 92 that they should use this conversation to review 
a presentation for Mr. Zuckerberg. Vernal then writes: [read highlight at top of 93 
“Here’s my sense...are safe to use, and which aren’t”]. 

• Who does Mr. Vernal state he is going to discuss the Platform 3.0 narrative 
with? 

• Did you attend this meeting between Messrs. Vernal and Zuckerberg shortly 
after August 23, 2013? 

• Can you confirm who attended this meeting with Messrs. Vernal and Zuckerberg 
shortly after August 23, 2013? 

• Does Mr. Vernal state that Facebook’s goal is to fix the parts of Platform that no 
longer make business sense? 

• Does Mr. Vernal state that developers need to understand and adapt to 
Facebook’s incentives and business model? 

• Does Mr. Vernal state that Facebook does not invest in APIs where there is no 
clear business model? 

• Does he imply that the Event, Group and Photos APIs are among that group of 
APIs for which there is no clear business model? 

• Does he imply that Facebook supports its Games and NEKO APIs on Facebook 
Platform because they make Facebook money? 

• Does he state that as part of the Platform 3.0 changes Facebook will deprecate 
“a majority of the API surface”? 

• What does “majority of API surface” mean? 

• Does it mean that many of the popular endpoints that developers are using the 
most and have built their businesses around will be removed? 

• Does “majority of API surface” mean “rarely used” API endpoints? 

35_FB-00477024 - This is an August 2013 chat string between O’Neil and 
Koumouzelis. Mr. O’Neil writes: [read first and second highlights on 24 “I think 
getting...Netflix to understand”]. 

• What does Mr. O’Neil mean when he states that losing access to the full friends 
list and friends_*permissions is going to be like withdrawing from meth? 




• Why will it be hard for Netflix to understand? 

• In August 2013, was Netflix accessing data from Facebook that was not 
generally available to all developers? 

• After April 30, 2015, did Netflix access data from Facebook that was not 
generally available to all developers? 

• Did Netflix access data from Facebook after April 2015 that is not generally 
available to all developers? 

Koumouzelis responds: [read third and fourth highlights on 24], 

• What is Mr. Koumouzelis’ title and who does he report to? 

• Does Mr. Koumouzelis refer to special APIs? What is a special API? 

• Does Mr. Koumouzelis imply that you need to be on a whitelist to access special 
APIs? 

• Does Mr. Koumouzelis state that after removing friends.get it will be known that 
some developers have access to special APIs? 

• Does Mr. Koumouzelis imply that as of August 14, 2013 at least some 
developers don’t know that other developers have access to special APIs? 

Mr. O’Neil responds: [read fifth highlight], 

• Does Mr. O’Neil state that some apps will still be able to access friends because 
they are whitelisted? 

• Does Mr. O’Neil imply that the user trust message is diluted when Facebook 
gives special access to data to certain developers but not others? 

Koumouzelis responds: [read sixth and seventh highlights at bottom of 24 and first four 

highlights on 25 “yeah - I think we need to finesse...approval from product], 

• Does Mr. Koumouzelis agree that the messaging needs to be finessed? 

• Does Mr. Koumouzelis imply that a key motivation for these Platform 3.0 
changes and in particular the friends permission changes is to protect Facebook 
from competition? 



• Does Mr. Koumouzelis describe a process where approval for developers to 
access certain data might be reviewed by a member of the Facebook product 
team directly? 

• Was it typical from 2010 up to this time for a Facebook product team member to 
directly participate in decisions regarding a developer’s app being allowed on 
Facebook? 

• Have you encountered any situations in which a Facebook product team 
member influenced which apps or features the policy and operations team 
permitted on Facebook Platform and which would be rejected? [If “no,” then 
say: the entire time you’ve been a Facebook employee, you’ve never been 
involved in a situation where an employee working on one of Facebook’s own 
products influenced the approval or rejection of a specific app or feature on 
Facebook Platform?; if “yes,” document specifics], 

36_FB-00455361 - this is an August 2013 chat string between you, Vernal, Purdy and 
others discussing Platform Simplification. Mr. Purdy writes at the top of 73: [read first 
highlight on 73], 

• Who does Mr. Purdy imply rejected the principle where users could take their 
data to other apps? 

• Who is Javi? 

• What is Javier Olivan’s title and who does he report to? 

• What is the Growth team’s primary responsibility? 

• When Mr. Purdy says the “FB replacement game,” is he referring to a change in 
executive level management at Facebook? 

Mr. Purdy continues at the bottom of 73 and top of 74, writing that he made an attempt 
to bucket the different data permissions into five categories. 

• Are the names of the five categories: Kill, Facebook-only, Partner, Platform 
Core, and Platform Experimental? 

• Was the Experimental bucket also referred to as a Beta bucket and later on as 
an Extended bucket? [confirm those three terms are synonyms] 

• Who does Mr. Purdy say decides which APIs belong in the Kill bucket for the 
purpose of this exercise? [Vernal] 



• Who does Mr. Purdy reference preparing a slide for covering this recommended 
bucketing system? [Zuckerberg] 

• Did you attend the meeting in which Mr. Purdy presented a slide covering this 
information to Mr. Zuckerberg in August 2013? 

• Who else attended this meeting? 

• Did you email or chat directly with Zuckerberg during August 2013 or the 
second half of 2013 regarding the Platform business model changes and data 
restrictions? How often? 

• Which Facebook executives emailed or chatted directly with Zuckerberg most 
frequently during the second half of 2013 regarding the Platform business model 
changes and data restrictions? 

• When was your first discussion with Zuckerberg regarding the Platform 
Business Model changes? What did he say to you in that discussion? 

37_FB-00527170 - This is an August 2013 email string between you, Vernal, Purdy and 
others regarding Core and Beta APIs. At the bottom of 70, see that Mr. Purdy writes 
that he has attached a presentation around the API narrative “to include all the things 
we have talked to Mark about recently.” Is that Zuckerberg? [Could it be another 
Mark?] 


• Did you attend any of these meetings in August 2013 with Mr. Zuckerberg, 
Purdy, Vernal, and others? [yes] 

Mr. Vernal then responds to a statement from you around pushing APIs from Beta to 
Core over time. [Read first highlight at top of 70 “I think the core...this problem”]. 

• Does Mr. Vernal suggest that Facebook has no intention of moving Beta APIs 
into Core APIs in the foreseeable future? 

Mr. Vernal then discusses having a Service Level Agreement for Beta APIs. [Read 
second highlight at top of 70], 

• Does Mr. Vernal state that what Facebook is doing today for some Graph API or 
other API endpoints is “just triaging bugs and having teams ignore them”? 

• Are you aware of Facebook ignoring privacy bugs related to the Platform during 
your time there? [So to your knowledge Facebook quickly addressed any 
potential privacy issues regarding data permissions on Facebook Platform?] 



38_FB-00433779 - This is an August 2013 chat string between you, Vernal, Purdy and 
various others. You write: [Read first highlight on 81 “Just catching up...competitive 
apps”]. 


• Do you ask here if Facebook can define its Core API without relying on 
competitive considerations? 

Purdy responds: [Read all the remaining highlights on 81 and top of 82 from Purdy 
“that is sharing...competitors overtime”]. 

• Does Purdy respond to you that the only Facebook Platform permission that is 
not competitive with Facebook is “sharing”? 

• Who does Purdy say hates that Facebook Platform even lets developers access 
a user’s profile picture? [Javi Olivan]. 

• And who does Mr. Olivan report to? [Zuckerberg] 

• Who does Purdy discuss a restricted level of access with? [Vernal] 

• Does Purdy say that if sharing was the only permission Facebook Platform 
allowed, then Facebook would “leak nothing,” meaning “no user data would be 
given to competitors”? 

• Who does Purdy say should weigh in? [Vernal and Zuckerberg] 

• What does Purdy state he is under pressure to do on the fourth line of 82? 

• Who put Purdy under this pressure? [Zuckerberg, Olivan, Cox, Lessin, Vernal] 

• Who would you suspect put Purdy under this pressure? 

• Who had the authority to put Purdy under this pressure? 

• Who does Purdy report to? [Vernal] 

• Who does Vernal report to? [Zuckerberg] 

You then respond: [Read third highlight on 82 “Yeah, that makes sense...better than 
status quo”]. 




What do you suggest Facebook needs a crisp story around? 




• Do you suggest that letting competitive apps know what they can access is 
better than the ambiguous situation competitive apps are in now? 

• What was the situation competitive apps were in at this time? 

Vernal then lists different data permissions on the bottom of 82 and top of 83. 
Regarding competitors’ access to photos, Vernal writes: [Read highlight at top of 83]. 

• What is Vernal’s recommendation regarding photos? 

• By “kill all non-profile photos,” does he mean remove developer access via 
Graph API to all of those photos? 

• Is it fair to say that the people involved in this discussion are receiving guidance 
from Zuckerberg on the topics being discussed? 

• Is it fair to say that protecting against competitive threats is a key motivation for 
the people involved in this discussion when discussing the decision to restrict 
access to data? 

• And the data being discussed includes friends lists, read_stream (newsfeed), 
and friends photos? 

39_FB-00573558 - This is an August 2013 email from Purdy after the Zuckerberg 
meeting on August 27, 2013. The subject of the email is “PS12N Zuck review”. Purdy 
writes: [read all highlights on 58 “any backchanneL.week by Friday], 

• Did you personally attend this meeting on August 27, 2013 with Mr. 
Zuckerberg? [yes] 

• Who does Purdy ask for backchannel feedback from Mr. Zuckerberg? [Vernal]. 
Why would Purdy ask Vernal for Zuckerberg’s feedback? 

• Who asked Purdy to get answers to Zuckerberg’s main questions? [Vernal] 

• What is a “rm API”? [If IDK, would Mr. Zuckerberg know the answer to that? 
Who would know the answer to that?] 

• Is one of Mr. Zuckerberg’s questions asking if a world class photo product 
needs an API? 

• Does Purdy characterize Mr. Zuckerberg as suggesting that if Facebook 
Platform already has a Photos API, then they are imposing a burden on the 
team? 



• What burden specifically? [If IDK, would Mr. Zuckerberg know the answer to 
that? Who would know the answer to that?] 

• Does Purdy state that they will have another meeting with Zuckerberg about 
this next week? 

• How frequently did Purdy, Vernal, and you meet with Zuckerberg regarding 
Platform 3.0, or Graph API 2.0, changes during the second half of 2013? 

• Did Zuckerberg regularly meet with other Facebook executives or employees 
about P3.0 data restrictions without you? [You have no idea if Zuckerberg held 
meetings about P3.0 data restrictions without you being present? You have no 
idea who these meetings were with?] 

42_FB-00551862 - This is an August 2013 email from Kevin Lacker, who writes: [Read 
highlight on 62], 

• Does Mr. Lacker state that when Facebook gives Private API access to 
Developer A and not Developer B that Developer A can do things in its 
application that Developer B cannot? 

• Does Mr. Lacker imply that this might give Developer A an advantage relative to 
Developer? 

• Does Mr. Lacker imply that it is more likely that a developer obtains this 
advantage if the developer is friends with someone at Facebook? 

• What were Mr. Lacker’s impressions around this time regarding the P3.0 data 
restrictions? 

• Would Mr. Lacker agree with the statement that Facebook was taking punitive 
action against developers for purely competitive reasons? 

• Would you agree with that statement? [You wouldn’t? You have never stated 
that that is what Facebook was doing around this time?] 

• It sounds like Mr. Lacker is agreeing with much of what 643 alleges in its 
Complaint. Do you think that’s a fair statement? 

43_FB-00555295 - This is an August 2013 email exchange between you, Koumouzelis, 
Purdy and others regarding which types of data to shut down as part of the Platform 
3.0 changes. Koumouzelis writes: [Read highlight at top of 97 “Doug & Mike...strategic 
partners”]. 



• Does Koumouzelis state that Purdy and Vernal plan on restricting all feed data 
except to a “whitelist for strategic partners”? 

Mr. Himel then asks: [Read highlight on 96], Koumouzelis responds: [Read highlight on 
95], 


Does Koumouzelis state that developers who will be whitelisted are likely to be 
the ones with non-standard contracts or strategic relationships with Facebook? 

Could a non-standard contract sometimes be a contract that gives a developer 
access to data that is not available in public Graph APIs? 

Could a strategic relationship with Facebook sometimes involve a developer 
purchasing advertising sold by Facebook? 

Would a strategic relationship with Facebook often involve financial 
consideration of some kind passing from the developer to Facebook? 

Does Koumouzelis’ answer to Himel’s question about how to determine which 
apps to whitelist refer to either user privacy or user trust as factors to consider? 

Did you have any concerns or problems around this time with Facebook 
whitelisting all of its close partners and leaving all other developers out in the 
cold? 

Who at Facebook had concerns or problems with Zuckerberg’s plan to restrict 
data access to competitors around this time? [You’re not aware of any 
Facebook or former Parse employees having any problems with this plan?] 

Who else? 

Is it fair to say that a key part of your job was explaining these changes in a 
manner that Facebook employees and eventually the developer community 
could stomach? 

Who created the narrative and explanation for these changes that you shared 
with other Facebook employees in late 2013 and early 2014? 

Did you create this narrative yourself and unilaterally decide to disseminate it to 
Facebook employees and eventually Platform developers? 


So someone else created this narrative and made the decision to disseminate it 
as the explanation for the Graph API 2.0 changes? But you don’t know who? 




44_FB-00061365 - This is an August 2013 email string involving Lessin, Archibong, 
Chang and Papamiltiadis. Take a moment to familiarize yourself with the email string. 

• Who ran the identity team at this time? 

• Who are Sam and Matt? [Sam is Lessin. Matt is who? Is it reasonable to 
conclude that the “Sam” referred to here is Mr. Lessin? Could it be another Sam 
on the identity team?] 

• Why would Archibong on the Platform operations and policy team need to 
speak with Mr. Lessin in order to determine whether to permit developers to 
access certain kinds of data on Facebook Platform? 

• What was Lessin’s title at this time and who did he report to? 

• Would you consider Sam Lessin a confidant of Mr. Zuckerberg? [Well, would 
you say that he was superior to you in the ranks of Facebook’s executives? 
Would you say he communicated more frequently with Zuckerberg than most 
other Facebook employees with whom you interacted? Do you think Facebook 
employees would consider Sam Lessin a confidant of Mr. Zuckerberg?] 

• Were you and Mr. Lessin of the same mind regarding the Platform 3.0 changes? 
How would you characterize your difference of opinion regarding these 
changes? 

• What were Mr. Lessin’s primary motivations in influencing and directing 
Facebook employees to shut down access to data under Platform 3.0? 

Well, you see here on 66, Mr. Lessin responds: [Read highlight on 66 “my gut is 
pretty...leak data”]. 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because of user privacy? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because of user trust? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because they are ultimately competitive with Facebook? 



45_FB-00473314 - This is an August 2013 email between you, Vernal, Purdy, Daniels 
and others regarding a meeting with Zuckerberg on Platform 3.0 changes. Daniels 
writes: [Read second highlight entirely at bottom of 15 “I thought Mark’s 
questions...our Photos APIs”]. 

• Who is Mark? [Zuckerberg] 

• Does Mr. Daniels write that, based on a meeting with Zuckerberg, it would be a 
good exercise to categorize the different APIs based on their “rationale” for 
getting rid of them? 

• Is one of the categories: APIs Facebook is eliminating for strategic reasons? 

• Is friends.get, the full friends list, one of the APIs Daniels states they are 
eliminating for strategic reasons? 

• When does Daniels say they should shut down these APIs they are eliminating 
for strategic reasons? 

• What do you think Daniels’ means by “strategic reasons”? 

• Is one of the categories: APIs Facebook is eliminating due to developer 
perception - that is, APIs that are not properly maintained? 

• Does Daniels write that these APIs should be shut down all at once and that it 
should be explained to developers that they are being shut down in part 
because they’re not used? 

• Is one of the categories: APIs Facebook is eliminating due to a lack of resources 
to support them? 

• Who does Mr. Daniels say gave feedback about this category? 

• Does Daniels say that Zuckerberg gave feedback that they should be careful 
about completely removing these APIs? 

• Does Daniels say that they need to be careful because many partners use these 
APIs and there are a bunch of contracts that involve these APIs? 


Does Daniels mention that Apple’s use of the Photos APIs is one example in this 
category? 




• Did Apple have permissions to read or write data regarding Facebook photos 
after April 30, 2015 that was not available to all developers on Facebook 
Platform? 

• Did Apple have permissions to read or write data regarding Facebook photos 
before April 30, 2015 that was not available to all developers on Facebook 
Platform? 

• Does Daniels specifically describe a bucket of APIs they are eliminating in order 
to restore user trust or promote user privacy? 

• Did you hear this feedback Daniels describes firsthand from Mr. Zuckerberg on 
or around August 27, 2013? 

• From whom was this feedback communicated to you? 

Mr. Vernal then responds to Daniels: [Read bottom three highlights on 14 and top 
highlight on 15 from Vernal “I don’t think the exercise...business cost be?”]. 

• Does Mr. Vernal use the same phrase, “strategic reason,” that Mr. Daniels used 
in the passage we just read? 

• Does Mr. Vernal say that Facebook needs to have “some strategic rationale” to 
keep the Photos API? 

• Does Mr. Vernal use the phrases “user experience,” “user privacy” or “user 
trust” anywhere in this particular email when describing that strategic reason or 
strategic rationale? 

• Does Mr. Vernal say that the question they should be asking when considering 
to remove an API is what the business cost would be if they removed it? 

• Does Mr. Vernal say that the question they should be asking when considering 
to remove an API is whether that API damages user trust or user privacy? 

• Does Mr. Vernal say that they shouldn’t keep the Photos API just for “data 
portability” reasons? 

• Did any companies have permissions related to the Friends API or Photos API 
after April 30, 2015 that were not available to all developers who integrated with 
Facebook Platform? [If “IDK,” how would you find out? Is there a tool you could 
use to check? What capabilities would you look for? If “yes,” How many? Who? 
How many of these developers had contracts with Facebook to purchase 
advertising?] 



• Did any companies after April 30, 2015 have permissions related to the Friends 
API, Photos API or Newsfeed API that were not available to all developers who 
integrate with Facebook Platform? 

Daniels responds to Vernal: [Read top two highlights on 14 “My point isn’t...partner 
thrash”]. 

• Does Mr. Daniels state that it is his understanding after this August 27, 2013 
meeting with Mr. Zuckerberg that Facebook should be “ruthless” when shutting 
down APIs for strategic reasons? 

• Does Mr. Daniels state that he is glad to hear they won’t fully shut down the 
APIs but will keep them available for “limited partners”? 

• Is it fair to say that you, Vernal, Daniels, Purdy and the others on this email string 
are of the opinion following their meeting with Mr. Zuckerberg that Facebook will 
shut down public access to many of its APIs for strategic reasons but still keep 
them available to close Facebook partners? 

• Did Mr. Zuckerberg communicate to you directly at any time that Platform 3.0 or 
Graph API 2.0 changes were motivated by Facebook’s desire to damage or 
eliminate competitive threats? [Never?] 

46_FB-00577598 -This is an October 2013 presentation entitled Platform 
Simplification. If you go to 637 you’ll see that permissions like non app friends, friends 
permissions and newsfeed are placed in a bucket of private APIs for partners who 
“need a contract” with Facebook. Do you see that? 

Now look at 644. This slide says that one of the changes to protect the graph is to 
deprecate read_stream. That permission relates to developer’s ability to interact with 
Facebook’s Newsfeed, right? It then says that deprecating read_stream is a “hi-pri 
directive from Mark”. Is that right? 

• Does this slide say that removing developer access to the read_stream 
permission is a high priority directive from Mr. Zuckerberg? [Is there another 
Mark who could give a high priority directive to remove developer access to one 
of Facebook’s most popular and valuable features?] 

• Did you receive this high priority directive from Mr. Zuckerberg personally? What 
did he say to you? Did he say this in writing or in an oral communication? 


Do you know who (else) received this high priority directive from Zuckerberg 
personally? Who would you suspect? 



Do you know when Zuckerberg gave this high priority directive? 


49_FB-00456661 - This is a September 2013 email among various Facebook 
employees discussing games and the friends permissions, with the subject “friends 
API”. Namita Gupta writes: [Read highlight on 63 and highlight on 64 “My 
recommendation...away for free”]. 

• Does Ms. Gupta write that her recommendation is to launch a friends API for 
games simultaneously with the removal of the friends API available to all 
developers? 

• Does Ms. Gupta state that Facebook feels it is giving away its friend graph for 
free to non-game developers? 

• Does Ms. Gupta state that Facebook is making an exception for games to 
continue to access friend data that is being removed from all other apps 
because Facebook gets 30% of a game’s revenues? 

• Do you feel that games may require a heightened sensitivity on Facebook’s part 
to user privacy and user trust concerns compared to non-game apps? 

• Well, games typically involve payments right? Would you say that games involve 
payments more often than non-game apps? Would you agree that typically 
where payments are involved, user trust is even more important, all else equal? 

50_FB-00478902 - This is a September 2013 chat string with you, Vernal, Purdy and 
others regarding the Graph API 2.0 changes. Purdy writes: [Read all three highlights 
from Purdy on 02 “We can get time...given the opportunity”]. 

• Does Mr. Purdy state that you all can meet with Zuckerberg that Friday, which 
was September 13, 2013, to discuss the timeline and API decisions regarding 
Graph API 2.0 or Platform 3.0 changes? 

• Does Purdy state that the next time you all can meet with Zuckerberg to discuss 
this topic is September 24, 2013? 

• Does Purdy state that the last time you all met with Zuckerberg to discuss this 
topic was two weeks ago? 

• Did you personally participate in any of these meetings on September 13 th , 24 th 
or two weeks prior to September 11 th ? 

• Do you know when these meetings were held? Were these meetings held 
roughly every two weeks? 



• Do you know who participated in these meetings? Who? 

You then respond: [Read first highlight from Sukhar on 03 “I feel like...rather than 
later”]. 


• Do you state that the team might require Mr. Zuckerberg’s input on certain 
APIs? 

• Do you imply that it would be Mr. Zuckerberg’s decision regarding whether 
Facebook can commit to maintain a particular API for 2 years? 

• Do you state it would be better to meet with Mr. Zuckerberg sooner rather than 
later so the team can finalize their plan? 

Vernal then responds: [Read second and third highlights from Vernal to bottom of page 
on 03 “Can summarize what...this stuff sooner”]. 

• Does Mr. Vernal ask you, Purdy and the others on this string to summarize what 
decisions you want Mr. Zuckerberg to make? 

• Does Mr. Vernal summarize the points you all discussed in your last meeting 
with Mr. Zuckerberg? 

• Is one of the discussion points that Facebook’s commitment to a stable core of 
APIs will entail login, sharing and payments? 

• Does Mr. Vernal list here any other APIs that would be part of this stable core? 

• Is one of the discussion points that Facebook will fully deprecate photo and 
video APIs? 

• Is one of the discussion points that it will take until January 2014 to implement 
these Graph API 2.0 or Platform 3.0 changes? 

• Does Mr. Vernal state that Mr. Zuckerberg provided feedback on these 
discussion points? 

• Does Mr. Vernal state that Mr. Zuckerberg was “fine” with stable core being 
made up of only login, sharing and payments? 

• Does Mr. Vernal state that Mr. Zuckerberg wanted them to speak with other 
teams regarding deprecating the photo and video APIs? 



• Is it possible that Mr. Zuckerberg wanted Mr. Vernal to speak with other teams 
regarding photo and video APIs because Facebook has many partners with 
contracts whose advertising campaigns or other promotions with Facebook 
depend on these APIs? 

• Does Mr. Vernal state that Mr. Zuckerberg asked them to try to launch these 
Graph API 2.0 or Platform 3.0 changes sooner? 

• Is it possible that Mr. Zuckerberg wanted them to announce these changes 
sooner in order to more quickly eliminate competition? 

54_FB-00061393 - This is a September 2013 email exchange in which Archibong, 
Daniels, Cross and others discuss a comment written by a Facebook engineer, David 
Poll. Poll writes: [Read full highlights on bottom of 94 and all of 95 “I was thinking 
about...along with the bad?”] 

• Mr. Poll worked at Parse prior to the Facebook acquisition, correct? You knew 
him well around this time, correct? 

• Does Mr. Poll state that two apps that are a key part of how he uses his phone 
every day will be “irrevocably broken” because Facebook is removing 
“friend_list”? 

• Does Mr. Poll state that his fundamental problem is that, as a smartphone user, 
his friend list is his information and that Facebook shutting down his access to it 
comes across as Facebook intruding upon his control over his own information? 

• Does Mr. Poll state that as a smartphone user, Facebook’s restriction of data 
access to developers will have a “significant negative impact” on his day to day 
smartphone experience? 

• Does Mr. Poll suggest that Facebook find an alternative way to address any 
abuse on Platform that avoids shutting down entire classes of good apps? 

• Do you agree with Mr. Poll that he actually has less control over his friend list 
after Graph API 2.0 than he had before Graph API 2.0? 

• Do you agree with Mr. Poll that restricting data access to Platform apps could 
result in a negative smartphone experience for consumers? 

• What other former Parse employees at Facebook agreed with Mr. Poll’s 
characterization of Facebook’s changes? Who else? Who else? 



• Who was the most vocal critic of Facebook’s data restriction decisions under 
Platform 3.0 around this time? [You don’t remember anyone being vocal with 
you about their criticism and raising it to you in a number of email or chat 
communications?] 

• Is it fair to say that Facebook’s decision to restrict data access presented a 
morale issue for the Parse team? Let’s assume it did. Why would that be the 
case? 

You see Mr. Rose forwards the message to others and asks if Facebook would 
whitelist these apps to address Mr. Poll’s concern. Is that correct? 

Mr. Archibong responds with a suggestion. [Read fourth highlight at bottom of 93 “One 
suggestion...into that conversation”]. 

• Does Archibong suggest categorizing the apps David Poll is concerned about as 
“contact” apps as a potential solution to avoid breaking them? 

• Does Archibong say that an app Poll is concerned about is similar to another 
app called Xobni? 

• Who makes Xobni and what does it do? [Yahoo purchased in 2013, smart 
address book app on phone] 

• Who does Archibong state wanted to shut off Xobni? [Does Archibong state that 
Mr. Zuckerberg wanted to switch off Xobni? Is there another Mark that 
Archibong could be referring to? If “yes,” get details on Mark] 

• Does Archibong state that product, meaning the product team, wanted to shut 
off Xobni? 

• Was Mr. Cox still the Chief Product Officer who oversaw the product team at 
Facebook in September 2013? 

• Did you have any discussions with Mr. Zuckerberg or Mr. Cox directly in 
September 2013 regarding shutting off data access to Xobni? 

• Who is the other POV that Archibong wants to weigh in? [“Sam” is Lessin] 

• Does Mr. Archibong state that he wants to check with Mr. Lessin to see if these 
‘contact’ apps are in “strategic conflict” with Mr. Lessin’s products? 

Aaron Bernstein responds to Archibong: [Read first three highlights on 93], 

• What product team was Mr. Bernstein on at this time and who did he report to? 



Does Mr. Bernstein state that he started a cross-functional team to explore 
building a contacts app with Mr. Lessin and Mr. Olivan? 

Does Mr. Bernstein state that Mr. Olivan was interested in Facebook having a 
contacts app because it would give Facebook an advantage in the messaging 
app market? 

Does Mr. Bernstein imply that Mr. Olivan’s belief is that if people use a 
Facebook contacts app, they will be more likely to use Facebook when they 
message others, since they will need to find those other people first in 
Facebook’s contacts app? [If “IDK,” would that be a reasonable interpretation of 
how Mr. Bernstein characterizes Mr. Olivan’s view?] 

Does Mr. Bernstein state that they should keep access to the friends data pretty 
tied down? 

Does Mr. Bernstein state that one reason to keep friends data very restricted is 
that it is a challenge to monitor companies to determine if they become 
competitors to Facebook? 

Does Mr. Bernstein imply that they should just restrict data access to all 
contacts apps because they can’t tell in advance which will become 
competitors? 

Would Mr. Bernstein have the authority to make and implement this decision on 
his own? 

Who would Mr. Bernstein receive the authority from to do that? 

When Mr. Bernstein states “if Xobni is not ok, what is?” is he implying that if Mr. 
Zuckerberg, Mr. Lessin and Mr. Olivan consider Xobni to be a competitor, then 
virtually all apps would be considered competitors? [If “No” or “IDK,” what is 
another reasonable interpretation of what Mr. Bernstein means by that 
statement?] 

Did you have any discussions with Mr. Lessin or Mr. Olivan directly in 
September 2013 regarding shutting off data access to Xobni? 

Are you aware that Xobni was a San Francisco startup that Bill Gates once 
described as “the next generation of social networking”? 

Are you aware that Xobni was purchased by Yahoo around the time these 
discussions were occurring? 



• Was Xobni ever whitelisted or blacklisted for any private Facebook APIs? [If 
“yes,” when? For what? Who decided? Etc.; if “idk” or “no,” who would know? 
Would Mr. Zuckerberg know? Mr. Lessin? Olivan? Cox?] 

55_FB-00061437 - This is a September 2013 email exchange between Cross, 
Papamiltiadis and others with the subject “P3.0 Rollout Planning”. 

• You’ll see at the top of 37 Cross describes “capabilities,” “Gks,” and “Sitevars”. 
What is the one-sentence definition of each of those terms? 

• You’ll see that Papamiltiadis refers in the email right below on 37 to the “Talent 
tool”. What is the Talent tool? 

• Did Facebook employees use the Talent tool to grant capabilities to certain 
developers that gave them access to Facebook data that may not have been 
available to all developers? 

• Flow many different tools did Facebook have to administer whitelists and during 
what years was each tool used? 

On the top of 38, you see Cross writes an email regarding their immediate tasks. Cross 
writes: [Read full highlight on 38 “What we need to do...provide more context)”]. 

• Does Cross state that they need to create two lists: one that includes all of their 
whitelisted permissions and one that includes all the companies they consider 
threats? 

• Does Cross state that they will then determine for each whitelisted permission 
and each app whether the app can keep access or not, or if they need to 
escalate the decision to a superior? 

• Does Cross state that for developers who keep access, they either need to 
verify an existing Extended API Agreement or enter into a new Extended API 
agreement with them? 

• Does Cross use the phrase “user privacy” or “user trust” when describing this 
task regarding which types of data to remove from which developers? 

See on 39, Papamiltiadis emails Cross comments on a presentation Cross prepared. 
Fie writes regarding Slide 5: [Read highlight on 39 “Removing access...NEKO 
adoption”]. 




What does NEKO stand for? 



• Does “NEKO adoption” mean increased purchases, and therefore revenues, for 
Facebook’s mobile newsfeed advertising product, aka NEKO? [yes] 

• Does Papamiltiadis suggest that Facebook’s decision to privatize access to the 
full friends list is an “indirect” way to increase the revenues or customers of 
Facebook’s advertising business? [If “no” or “IDK,” is there another reasonable 
interpretation of his statement?] 

60_FB-00460895 - This is a September 2013 email exchange between you, Purdy and 
others with the subject “PS12N meeting with Javi”. Purdy writes: [Read third highlight 
at bottom of 96 “I know there has...on mteam”]. 

• Does Purdy state that it is important to get feedback from Mr. Olivan because 
Mr. Olivan is one of the executives most concerned about Facebook leaking its 
data to other companies? [If “IDK,” is there another executive on the 
management team named Javi besides Mr. Olivan?] 

• Who is the other executive Purdy mentions is a vocal critic of graph leakage? 
[Lessin] 

You respond immediately above Purdy on 96 that you would prefer to just ask Mr. 
Olivan what he dislikes about Platform and which parts he considers leakage. Is that 
correct? 

Federov then responds: [Read top highlight on 96 “I think Javi...shut platform down 
©”]. 

• Does Federov state that Mr. Olivan will care about developers accessing friend 
lists and friend data permissions? 

• Does Federov state that Mr. Olivan would like to see Facebook Platform shut 
down? 

• Does Federov imply that Mr. Olivan, as a member of Facebook’s executive 
management team, will recommend to these employees to restrict developer 
access to app friends, certain user info, and friend data permissions? 

• Does Federov imply that if Mr. Olivan had his way entirely that Facebook would 
be an entirely closed application where Facebook users could not permit other 
companies to access any of the data Facebook maintained on their behalf? 

• Did you participate in the meeting in which the presentation being prepared in 
this email string was presented to Mr. Olivan? 



• How many meetings did you participate in with Mr. Olivan directly where he 
shared his thoughts and impressions regarding developer access to Platform 
data? [If any, when? Who else attended these meetings?] 

• Did Mr. Olivan influence any aspect of Facebook’s decision to restrict data from 
over 40,000 apps on April 30, 2015? 

• Did Mr. Olivan communicate to you directly at any time that Platform 3.0 or 
Graph API 2.0 changes were motivated by Facebook’s desire to damage or 
eliminate competitive threats? When? [Never? You’re testifying under penalty of 
perjury that Olivan never communicated to you that the decision to restrict 
read_stream, friends list and friends permissions data was to provide Facebook 
with an advantage relative to current or future competitors?] 

• Did Mr. Lessin communicate to you directly at any time that Platform 3.0 or 
Graph API 2.0 changes were motivated by Facebook’s desire to damage or 
eliminate competitive threats? When? [Never? You’re testifying under penalty of 
perjury that Olivan never communicated to you that the decision to restrict 
read_stream, friends list and friends permissions data was to provide Facebook 
with an advantage relative to current or future competitors?] 

63_FB-00433628 - This is an October 2013 chat string between you and O’Neil. You 
write: [Read all highlights on 28 and 29 at once “I just spoke to KP...not for 
deprecations”]. 

• Do you state that KP is angry about the Platform 3.0 changes because 
Facebook will alienate the developer community and give special access to all 
of Facebook’s friends? 

• What exactly did KP say to you? Over what period of time do you feel KP was 
frustrated about these changes? When do you think KP got over his frustration? 

• Do you state here that KP’s view is “fundamentally correct”? By “fundamentally 
correct,” is it fair to say that you felt KP was right that Facebook would give 
special access to its close partners and alienate the developer community? 

• Do you state that Facebook is eroding the value of Facebook Platform for 
reasons that are not clear? 

• Who are the reasons not clear to? You? Facebook employees? Platform 
developers? 

• Is it fair to say that in October 2013 it was not clear to you why Facebook was 
restricting data access to a wide range of competitive applications? 



• Did you ever raise this concern in an email or chat to Zuckerberg? Did he ever 
write back to you in the email or chat? What was his response in the email or 
chat? [keep this to emails or chats, no oral communications] 

• Was the term “incentive alignment” frequently used by Facebook employees 
during this time? 

• What did you mean by the term “incentive alignment”? 

• Is that typically what other Facebook employees meant by the term around this 
time? 

• Do you state that Facebook’s decision to announce separate Core and Beta 
(also known as Experimental or Extended) APIs is only because Facebook is 
removing access to data like the full friends list and permissions? [Is there 
another reasonable interpretation of your statement?] 

• What did you mean by that statement? 


• Is it fair to say that many of the Beta APIs were some of Facebook’s oldest 
APIs? Most widely used APIs? 

64_FB-00523178 - This is an October 2013 email exchange between George Lee and 
a number of Facebook employees with the subject “Invites & PS12N”. Lee writes in the 
middle of 80: [Read highlights on 80 “Key concern...reach non-app friends”]. 

• Does Mr. Lee state that the key concern is user privacy and user trust when 
proposing as a solution that Facebook remove all non-app friends? 

• Does Mr. Lee state that the key concern when proposing as a solution that 
Facebook remove all non-app friends is that Facebook needs to stop leaking its 
graph to platform developers? 

• Weren’t Platform developers already prohibited by Facebook’s policies from 
rebuilding Facebook’s graph? 

You see on 78 that you and others discuss building an API you call the “lookup API” 
that might let developers still grow their app without leaking the graph. Do you see you 
discuss a lookup API? 

You ask towards the top of 78 “Would growth actually be ok with this?” Do you see 
that? 


Who do you mean by growth? 



• Is Mr. Olivan the executive in charge of the growth team? [If IDK, what is his 
title?] 

• Did you participate directly in any discussions with Mr. Olivan regarding this 
“lookup API” around October 2013? 

You see at the top of 78 Lee responds: [Read top two highlights on 78 “At the end of 
the day...trust in some way”]. 

• Does Lee state that Facebook’s efforts related to removing the friend data and 
developing alternative APIs might be creating a situation that actually damages 
user trust? 

• Does Lee suggest that Facebook can look the other way on this? 

• Why was Facebook considering building the lookup API as an alternative way 
for certain apps to access friend data after friend data had been restricted to 
developers? [If IDK, you have no idea what building the lookup API would 
solve?] 

65_FB-00575243 - This is an October 2013 email from Mr. Vishwanath responding to 
the discussion in the email we just reviewed. Vishwanath writes: [Read top two 
highlights on 43] 

• Does Mr. Vishwanath state that it’s his understanding their goal is to make it 
harder for developers to grow new apps by using existing apps? 

• Does he state that Canvas is the exception where Facebook does want to help 
developers grow their apps? 

• Is Canvas a Facebook product that lets you build a website or an app that is 
part of Facebook? 

• Does Facebook directly generate revenues from games played on Canvas? [yes] 

• Does Facebook directly generate revenues from games that are not played on 
Canvas? [no] 

• Does Vishwanath say that the lookup API would solve the problem of removing 
this friends data without hurting Canvas? 

• Does Vishwanath ask how Facebook would ensure developers don’t use the 
lookup API to grow games off Canvas? 



• When asking this question, is it fair to say that Vishwanath is asking how 
Facebook can ensure the lookup API is not used to support the growth of apps 
whenever Facebook does not receive financial benefit? [Is there another 
reasonable interpretation?] 

66_FB-00576265 - This is an October 2013 chat string between you, O’Neil and 
others. You write on 65: [Read top two highlights on 65 “I have spent...of the use 
cases”]. 

• Do you state that the feedback from Facebook employees you met on this trip 
about Platform Simplification was “universally negative”? 

• Do you state that the reason is because Facebook executives or managers 
haven’t clearly communicated why they are removing access to data? 

You see at the bottom of that same page 65, O’Neil sends you a presentation he gave 
as a test run about the Platform 3.0 changes and says it was well received. Is that 
correct? 

You see at the top of 66 you write in reaction to the presentation: [Read first and 
second highlights on 66 “Interesting that...have heard before”]. 

• Do you state that your view had been that Platform 3.0 data restrictions like 
removing friends data were a way to protect Facebook against competition from 
WhatsApp or apps like WhatsApp? 

• At this time in October 2013, did Facebook compete with WhatsApp? 

• Did Facebook purchase WhatsApp in February 2014 for $19.3 billion? 

• Was Facebook’s purchase of WhatsApp its largest acquisition ever? 

• At any time prior to Facebook’s purchase of WhatsApp, did Facebook to your 
knowledge whitelist or blacklist WhatsApp to any Facebook APIs, capabilities or 
permissions? [Who would know? Would Zuckerberg know? Olivan? Lessin? 
Vernal?] 

• Is it fair to say that you were under the impression at this time that Platform 3.0 
changes were being made at least in part for competitive reasons? 

• Do you state that O’Neil’s presentation pitches the Platform 3.0 changes as a 
way to protect or grow Facebook’s advertising platform? 



• Do you state that positioning Platform 3.0 as a way to protect Facebook’s 
advertising revenues is easier to defend but that it’s not a line of reasoning you 
had heard before? 

• Sitting here today and having had time to reflect on this period, do you think 
Facebook’s motivations for restricting data access under Graph API 2.0 were 
driven by competitive considerations, advertising growth considerations, or 
both? 

If you look down 66 you’ll see that Purdy requests the presentation you and O’Neil had 
been discussing. He asks if it includes the model they discussed last week? O’Neil 
responds a few messages below on 66: [Read bottom highlight on 66 “Doug: 
yes...discussed last week”]. 

• Does O’Neil tell Purdy that the presentation explaining their reasoning for 
restricting data access under Platform 3.0 includes the aligned / competitive 
model they discussed last week? 

If you go to the top of 68, O’Neil mentions the following: [Read top highlight on 68 “I’ve 
had...all the data”]. 

Purdy then responds below on that page: [Read second and third highlights on 68 “I 
don’t think...on user data”]. 

• Does O’Neil state that he’s received questions from Facebook employees 
regarding why Facebook is now protecting its data? 

• Does Purdy state that they are not going to reopen their philosophy on user 
data? 

• Is it reasonable to conclude that Purdy believes that Facebook’s philosophy on 
user data is that users cannot port much of the data they share on Facebook to 
other applications? 

• Based on this string, is it reasonable to conclude that Purdy is saying the 
decision whether a user can share a certain piece of her data with another 
developer is up to Facebook and depends on whether that other developer 
competes with Facebook? 

• Do you see the words “user trust” or “user privacy” anywhere in this discussion 
between you, O’Neil and Purdy? 

• Is it fair to say that some former Parse employees disagreed with Facebook’s 
philosophy on user data as Purdy describes it here? Why did they disagree? 



• Did you agree with Facebook’s philosophy on user data as Purdy describes it? 
Why did you agree or disagree? 

67_FB-00499966 - This is a December 2013 chat string between O’Neil and Amir 
Naor, a Facebook employee. Take a moment to read the string to yourself. 

• Mr. O’Neil wishes Naor a happy birthday and mentions that removing friends 
birthday data is going to be “especially bad for birthday notifiers”. Naor agrees 
and says that it will also be bad for dating apps. O’Neil then says the dating 
apps will be interesting and that Lulu will be hit hard but Tinder will be fine. Is 
that correct? 

• Does a dating app let a user see a photo and other information about people, 
typically people somehow connected to them, and determine if they’d like to go 
on a date with them? 

• Were Lulu and Tinder popular dating apps? 

• Why does Mr. O’Neil state that Lulu will be harmed but Tinder won’t be? 

• So Mr. O’Neil’s statement has nothing to do with the fact that Tinder will get 
special access to private APIs so it can continue to function after Graph API 2.0 
is released while Lulu will not have the same special access Tinder will have? 

70_FB-00434425 - This is a January 2014 email string among you, Vernal and others 
with the subject “slides for mark”. You can see at the bottom of 30 O’Neil attaches a 
file “Login v4 Review with Mark” and then writes that the slides for Mark are attached. 
Is that correct? 

You then state at the bottom of 29: [Read highlights at bottom of 29 and top of 30 
“Yeah, I think these are....exception for iOS Login?”]. 

• Do you state that you are going to ask Zuckerberg the questions I just read? [Is 
there another Mark you could have asked that would make sense in this 
context?] 

• Is one of the questions whether Zuckerberg is comfortable killing the prospects 
of a lot of startups with these changes that took effect on April 30, 2015? 

• Is another question whether Zuckerberg believes Facebook can guarantee its 
Login feature to any app regardless of how competitive it may be? 

• Is another question whether Zuckerberg believes Facebook is willing to make 
these changes that took effect on April 30, 2015 with a huge exception for apps 
built on Canvas? 



• Is another question whether Zuckerberg believes Facebook is willing to make 
these changes that took effect on April 30, 2015 with a huge exception for 
Apple’s mobile operating system iOS? 

• Did you ask Zuckerberg these questions in late January or February 2014? 
How? Over email? Chat? In person? Did Zuckerberg respond in writing? What 
did he write? [So you have no written record of Zuckerberg answering these 
questions?] 

• Did any other Facebook employees participate in your discussion with 
Zuckerberg regarding these questions? 

• Did Zuckerberg ever write to you about his motivations for implementing 
Platform 3.0/PS12N? When? 

• To the best of your knowledge, was Zuckerberg comfortable killing the 
prospects of lots of good startups? 

• Why was Zuckerberg comfortable with this? 

If you jump up to 27, you can see you state one of your concerns that motivated these 
questions: [Read highlight on 27 “My concern...workaround on iOS”]. 

• Do you state that your concern in asking at least some of these questions to 
Zuckerberg is that Facebook may be perceived as not being able to hold its 
story together? 

• Do you refer to the user trust message as the story that Facebook may be 
perceived not holding up to scrutiny? 

• Do you state that Apple’s mobile operating system has an easy and obvious 
workaround to some of these changes allegedly made in the interest of user 
trust? 

• Do you imply that these huge exceptions might undermine Facebook’s user 
trust message? 

• When is the first time you discussed the user trust message as the explanation 
for Graph API 2.0 with Zuckerberg? When did Zuckerberg decide to make the 
user trust message the final public explanation for Graph API 2.0? 


71 _FB-00528042 - This is a January 2014 email from Facebook employee George Lee 
to various Facebook employees. Lee writes: [Read first large highlight at top of 42 “We 
sold developers...the last 2 years”]. 



• Does OG mean Open Graph? 

• Is implicit OG or implicit sharing a way for developers to integrate with 
Facebook’s Newsfeed in a way that helps them grow their apps? 

• Does Lee state that Facebook told developers that one of the best things they 
can do to grow their apps is optimize their use of “implicit OG”? 

• Does Lee state that developers have invested a lot of time to establish that 
traffic on Facebook? 

• Does Lee state that taking away implicit OG nullifies all the work developers 
have done over the past two years to integrate OG? 

• When Lee writes that Facebook “sold developers a bill of good,” is it fair to say 
that he means Facebook made representations to developers that caused them 
to invest time or money in building apps that use “implicit OG”? 

Mr. Lee continues: [Read second and third highlights on 42 “The more I think...canvas 
ecosystem”]. 

• Does Mr. Lee state that removing developers’ ability to use implicit sharing 
reverses a storyline that Facebook has been pushing to developers for two 
years? 

• By “pushing,” is it fair to say that Lee means Facebook is representing that 
storyline as Facebook’s official position in public and private conversations with 
developers and the public? 

• Does Lee state that the damage to Facebook’s Canvas product could be 
“irreparably” harmed if this change is implemented for all Canvas applications? 

• Does Lee state that he and others have expressed concerns in the past and that 
this transition could be “very very painful”? 

72_FB-00528137 - This is an email between O’Neil and others with the subject “open 
issues: userjriends and naf”. 

If you go to 38, you see that O’Neil writes that they have a review coming up on 
January 24, 2014 with Mike and on January 27, 2014 with Mark. Is Mr. O’Neil referring 
to Mr. Vernal and Mr. Zuckerberg? [Who else could Mr. O’Neil be referring to? Are 
those two the most likely people O’Neil could be referring to?] 


And then if you jump to the middle of 37 O’Neil writes: [Read highlight on 37], 



• Is NAF non-app friends, meaning a user’s friends who aren’t also using the app? 
[If “no” or “IDK,” point to “non-app friends” at top of email], 

• Non-app friends is a permission Facebook removed when it made Graph API 
2.0 mandatory on April 30, 2015, correct? 

• Does O’Neil state here that the proposal they are preparing for the meetings 
with Vernal and Zuckerberg is that an app can access non-app friends if 
Facebook approves that access after these changes go into effect? [What else 
could O’Neil mean by this statement then?] 

• Did you participate in either the January 24 meeting with Vernal or the January 
27 meeting with Zuckerberg? 

• Do you know what feedback Mr. Zuckerberg gave in the January 27 meeting? 

• Do you know who attended the meeting? [How do you know O’Neil attended 
the meeting? So you suspect or assume O’Neil attended the meeting? Did 
O’Neil ever share his feedback with you from Zuckerberg?] 

73_FB-00556670 - This is a January 2014 email string between you, Purdy and others 
with the subject “Login v4 + PS12N +f8”. If you go to 71, you’ll see that Purdy writes: 
[Read first highlight “1. We are building...their real online identity”]. 

• Login v4 and unified review are the changes Facebook announced on April 30, 
2014 related to an app seeking permissions to access Facebook data when 
people use their Facebook username and password to login to the app? 

• Login v4 required that Facebook review more permissions to access data than 
Facebook previously required, correct? 

• Is this what Purdy means when he says that these changes are good for people 
and give people control, meaning Facebook offers a safer and more transparent 
experience with users because of these Login v4 changes? 

• Is this the same basic idea as or at least related to the user privacy and control 
messages that Facebook has publicly stated were its reasons for the changes 
announced on April 30, 2014? [admit they are related] 

Purdy then writes: [Read second highlight on 71 “The above user trust...pushback if 
you disagree”]. 



• When Purdy refers to the “user model changes,” is he referring to Login v4? 

[Well he is referring to one of the three products he mentions, Login, PS12N and 
Unified Review. Which is it?] 

• When Purdy refers to the “developer changes,” is he referring to Platform 
Simplification in which access to data like the friends list and friends 
permissions is being removed? 

• Does Purdy write that the user trust message I just read a few moments ago 
“only really hangs together” if Facebook communicates these two major 
changes at the same time, or in one fell swoop? 

• Does Purdy say these two changes need to ship together? 

• Does this mean that it is technically possible for Facebook to implement the 
Login v4 changes without the PS12n changes, or vice versa? In other words, 
from a product standpoint, do these changes have anything necessarily to do 
with one another? Facebook could have launched PS12n changes without Login 
v4 and it could have launched Login v4 changes without PS12n, right? 

• Is it fair to say that Purdy’s view is that Facebook needs to announce Login v4 
and PS12N together in order for the user trust message to be coherent? 

• Did Zuckerberg participate in the decision to combine the external messaging 
around Login v4 and Graph API 2.0 changes? 

• Who made that final decision to combine Login v4 and Graph API 2.0 into one 
public announcement? 

You’ll see at the bottom of 70 Purdy mentions reviewing the material discussed in this 
email with Mark on January 27, 2014 - see bullet 2 at the very bottom. Is that right? 

You see right above that in bullet 5, Purdy states they are going to recommend to Mike 
and Mark to postpone F8 until the fall. Is that correct? 

• Is Mike Mr. Vernal? [Is it likely Purdy is referring to another Mike here?] 

• Is Mark Mr. Zuckerberg? [Is it likely Purdy is referring to another Mark here?] 

• Did you participate in this meeting on January 27, 2014 with Mr. Zuckerberg 
concerning the timing of Login v4, PS12N, and F8? [No] 

• Did you have any meetings with Mr. Zuckerberg in early 2014 other than 
company-wide meetings in which he expressed his thoughts regarding the 
timing of Login v4, PS12N, and F8? What did he say? 



• Did Facebook announce the Login v4 and PS12N changes together at F8 on 
April 30, 2014? 

• So Facebook presumably got the benefits of the user trust message because, 
according to Purdy, it announced these two changes in one fell swoop? 

• But Facebook did not end up taking Purdy’s recommendation of pushing F8 
back to the fall? 

• Do you know who rejected Purdy’s recommendation and made the final 
decision to hold F8 on April 30, 2014? [You have no idea? Who authorized that 
person to make the decision? Could that person have unilaterally made this 
decision without the approval of a superior? Which superior would have had to 
approve this decision?] 

• Who would have the authority to make a decision like that? Would Zuckerberg? 
Would anyone else? [If he gives any names, ask if that person would need to get 
Mr. Zuckerberg’s approval for the date of F8], 

• Did you make the final decision to hold F8 in late April 2014? 

• Did you make the final decision to make user trust the central theme of the F8 
conference in 2014? Who did? 

• Did you communicate this decision to other employees and take on the task of 
rallying Facebook employees and eventually third party developers to buy in to 
this user trust message as the explanation for these changes? 

• Did you ever make clear to Facebook employees that Zuckerberg would not be 
announcing any specific data permissions being removed on stage at F8? 


74_FB-00058030 - This is a February 2014 chat string between you, Papamiltiadis and 
others. You see at the bottom of 30, Sukhar writes: [read all highlights on 30 “After 
discussing...reasonable compromise”]. 


• With whom do you state you discussed making user trust a core theme of F8? 
[Zuckerberg] 

• Did you participate directly in these discussions with Zuckerberg regarding 
making user trust a core theme at f8? 



• Do you know who the “we” is that you say helped to land on that decision with 
him and Zuckerberg? Who else participated? Was this discussion over email? 
Meetings? 

• Do you imply that Mr. Zuckerberg participated in the decision on how and when 
to announce the removal of friends permissions and other Platform 3.0 
changes? 

• When you write that “we” agreed to roll things out simultaneously, are you 
referring to Login v4 and Platform 3.0 changes like deprecating the friends 
permissions? 

• Do you state that Mr. Zuckerberg is best positioned to announce Facebook 
putting power back in the hands of the people? 

• Do you state that Mr. Zuckerberg will not be enumerating specific permissions 
that Facebook is removing during his announcement? 

• Do you state that Mr. Zuckerberg will focus his announcement on the new 
Login, also known as Login v4? 

• Do you state that this decision on the announcement is not ideal but a 
reasonable compromise? 

• So you, Zuckerberg and others decided on implementing Platform 3.0 
simultaneously with Login v4? 

• And you decided to only tell the public and developers about the Login v4 
changes and not the specific Platform 3.0 changes in Mr. Zuckerberg’s 
announcement? 

82_FB-00433725 - This is a May 2014 chat string among O’Neil, Koumouzelis and two 
Facebook employees, Amir Naor and Sean Kinsey. At the top of 25, Naor writes: [Read 
top highlight on 25 “I disagree...the games ecosystem”]. 

Kinsey then responds: [Read second highlight on 25 “Amir, the inconsistency...regular 
apps to do”]. 

• Do Mr. Naor and Mr. Kinsey both state that Facebook has different rules for 
different developers or holds developers to different standards? 

• Does Mr. Kinsey express amazement that no one has called Facebook out for 
this conduct? 



• Does Mr. Kinsey state that Facebook permits games to do things that regular 
apps can’t do? 

If you go to the bottom of 25, you’ll see that O’Neil replies “I see the inconsistency, we 
just decided that it was worth it.” Do you see that? 

• Why do you suspect Mr. O’Neil thinks it is worth having this inconsistent 
treatment of developers? 

And then if you jump down to 28, Kinsey follows up that: [Read highlight on 28 “It’s 
ironic that...building that trust ©”. 

• Does Kinsey imply that user trust is more important in scenarios where money 
or payments are involved? 

• Can Facebook Canvas games sometimes involve payments or money? 

• What does Kinsey say is ironic to him here? 

• Does Kinsey imply that this exception undermines or calls into question 
Facebook’s public narrative that it is making Platform 3.0 and Login v4 changes 
to build user trust? 


77_FB-00454612 - This is a January 2015 task from O’Neil with the subject ‘“Apps 
Others Use’ privacy permissions do not persist after turning Platform off/on.” At the 
bottom of 12, the task is described as follows: [Read fourth highlight at very bottom of 
12 and top highlight of 13 “On the above page,...are returned to the defaults”]. 

• Does this task reference a public Facebook URL and state that a user can click 
that URL to access “Apps Others Use” to have granular control over information 
about the user that is visible in friends’ apps? 

• Does this task state that a user can also turn “platform off” entirely, meaning 
that the user can prevent all of her data from being accessed by any app 
besides Facebook? 

• Does this task describe an issue where if a user turns platform off and then back 
on, her prior settings about which apps and which data she wants to share 
would be reset? 

• When was this task created? [October 2, 2014] 


If you look at the top of 12, O’Neil closes the task on January 5, 2015. Do you see 
that? O’Neil writes: [read top highlight on 12 “Friend permissions...Closing”]. 



Does O’Neil write in January 2015 that because Facebook is removing friends 
data later in 2014 that they are not going to address this issue? 




• So from October 2014 until April 2015 it was possible that Facebook was not 
accurately representing what I thought were my privacy permissions as a user of 
Facebook? 

• And Facebook never fixed this issue after becoming aware of it in October 
2014? 

78_FB-00580073 - This is an April 2015 task with the subject “Platform Feedback - 
only me profile info leakage via platform”. Facebook employee Connie Yang describes 
the task at the bottom of 73 and top of 74: [Read highlights at bottom of 73 and top of 
74 “Apps on...‘Only Me’?”]. 

• Does Ms. Yang describe an issue in Facebook’s privacy settings? 

• Is the “Only Me” setting the one I would check when I want information I put on 
Facebook, like a photo, to only be accessible to me? 

• Does she write that apps on Platform can automatically access information I 
have decided no one else can see? 

• Does she write that apps can display information I want only visible to me to 
other users? 

• Could these other users include people I am not friends with? 

• Does Yang ask if this directly violates what Facebook represents to users the 
“Only Me” setting does? 

• If Facebook were to have failed to maintain functioning privacy settings, could a 
developer’s app inadvertently violate Facebook’s policies regarding users? 

• If I were to see a privacy-related issue in a Platform app around April 2015, is it 
possible that a problem in Facebook’s code caused the issue? 

• Is it possible I would think the developer’s app had caused the issue? Could 
that make me less likely to use the developer’s app? 

• Was it possible for Platform developers when accessing Graph API data in 
2014 to see the granular permission setting on each piece of data it was 
consuming? 




79_FB-00574447 - This is an October 2011 email in which Cross and O’Neil discuss a 
privacy bug. Cross writes: [Read highlights on 47-48]. 

• Does Cross say here that Facebook currently is not making visible to developers 
the privacy setting of a given user action? 

• Was this ever fixed? [If yes, how do you know it was fixed? When was it fixed? 
What was the solution to fix it?] [If no, why wasn’t it fixed?] [If IDK, you don’t 
know if Facebook ever permitted developers to view the privacy settings of 
graph data and actions?] 

80_FB-00510171 - This is a February 2014 task entitled “PS12n Capability Cleanup - 
Remove 698 Apps from the Capabilities Tool”. At the top of 72 there is a description of 
the task that reads: [Read all highlights on 72 “The partnerships teams...go-ahead 
from Doug”] 

• Does this state that the partnerships team at Facebook has completed 
reviewing 5,300 whitelisted, or capability-granted, apps? 

• Does this state that about 700 of these apps will have their capabilities 
removed? 

• Is it reasonable to think that if an app is not deleted but has certain capabilities 
removed, that someone might still be able technically to use it but it likely would 
not function as intended? 

• According to this task, does Facebook intend to notify developers in advance 
that these apps might break? 

• Before making the change, does Facebook plan to prepare messaging that it will 
only deliver to a developer if that developer complains? 

• Does Facebook plan to remove capabilities to all 700 apps at once? 

• Is Mr. Purdy responsible for giving the approval to do this? [Is there another 
Doug who could have approved this around this time?] 

83_FB-00597229 - This is a November 2014 email string discussing Flipboard, a 
developer app, between O’Neil, Papamiltiadis, Archibong and others. If you look at the 
bottom of 32 and top of 33, you see that Eric Feng, the Flipboard CTO, writes that 
Flipboard did not receive read_stream and friend list permissions when Facebook 
reviewed its app. Is that correct? 



Papamiltiadis then responds on 32 with reasons for continuing to let Flipboard access 
read_stream permissions. His third reason at the middle of 32 is: [Read first highlight 
on 32 “3/ Good partnership...baked into their apps”]. 


• Does Papamiltiadis state that prior to or during October 2014 Facebook had in 
some cases declined read_stream access to other developers? 

• Does Papamiltiadis imply that Facebook had not officially notified developers 
that it was restricting read_stream access and so they are surprised by getting 
declined to access it? 

• Does Papamiltiadis state that read_stream access was a well baked feature in 
their apps? 

• From January to October 2014 was read_stream a permission that Facebook 
publicly stated developers could access on Platform? 

O’Neil then responds on the bottom of 31 that Facebook should approve Flipboard 
through whatever timeframe makes sense for the relationship. Is that correct? 

He then writes later in the string at the top of 30 that Flipboard is a very unique case. 
Do you see that? 

• Who does O’Neil say was supposed to be involved in determining Flipboard’s 
access to data around F8? [Cox] 

• Is that Chris Cox, Facebook’s Chief Product Officer? [Is there another Cox? etc] 

• Did you directly participate in discussions with Cox in 2014 regarding 
Flipboard’s access to Platform data? 

If you look at the paragraph above from O’Neil on 30 he writes: [Read second highlight 
on 30 “Agree with KP on...don’t have that news yet”]. 

• Does O’Neil state that Flipboard doesn’t know Facebook is planning to 
announce the Platform 3.0 and Login v4 changes? 

• So if Facebook permits Flipboard to access the permissions, Facebook doesn’t 
have to tell Flipboard now about the coming changes? 

• Does O’Neil agree with Papamiltiadis that Flipboard should be granted an 
exception to access read_stream because of optics? 

• Does Cross in the next email at the very top of 30 say that he supports giving 
Flipboard access for “optics sake”? 



Were Cross and O’Neil aware that Cox wanted to be involved in decisions 
around Flipboard’s access to data when making this decision? 


• Did Cox tell them to give Flipboard access? Who would know that? [Cox?] 

• Did Flipboard have access to any of the capabilities Facebook could enable in 
its whitelist tools anytime in 2014? [If so, which?] 

• Did Flipboard have access to any data that was not available to Flipboard’s 
competitors anytime in 2014? [If so, which competitors were disadvantaged 
relative to Flipboard?] 

84_FB-00577500 - This is a November 2014 email from an Akamai employee to Cross. 
You’ll see in the second line at the top of 02 the Akamai employee, Shlomi Gian, writes 
that Akamai’s video app was rejected from read_stream access. Is that correct? 

And then see on the bottom of 00 and top of 01 Mr. Gian clarifies that Akamai’s app 
was designed to work similarly to Flipboard and then writes: [Read top highlight on 01 
“Does Flipboard...same level of access”]. 

• Did Facebook give Akamai access to read_stream after this request in 
November 2014? [No] 

• Does this email string indicate that Facebook will give or has given Akamai this 
access? [No] 

• From November 2014 to April 2015 did Flipboard have access to read_stream? 
[remind her we just confirmed that in the prior exhibit] 

• So Flipboard and Akamai have competitive apps and in late 2014 and early 2015 
Flipboard can access data that Akamai could not? 

85_FB-00598434 - This is a December 2014 email exchange between Archibong and 
Papamiltiadis discussing Path. If you look at the top of 36 you’ll see that Archibong 
met with Dave Morin, the founder of Path, and Morin was going to reach out to Mark to 
get a sense of how he views Path these days. Is that correct? 

Archibong then describes ways Path and Facebook might work together at the bottom 
of 36. He writes: [Read bottom highlights on 36 “Depending on how...this claim is or 
not”]. 


Does Mr. Archibong consider Path as a customer for an advertising product, 
Audience Network? 



• Does he state that whether Facebook tries to get Path as a customer for this 
advertising product depends on how Mr. Zuckerberg feels about Path? 

• Does Archibong state that Morin thinks two of his competitors in Asia can 
access platform data that Path can’t? 

• Does Archibong ask that they look into Morin’s claim? 

You’ll see a screenshot in the middle of 35 from Facebook’s capabilities tool. The 
screenshot displays Line’s Facebook ID, an email contact for Line, how many active 
users Line has, and which capabilities and app groups Line is subscribed to. Is that 
correct? 

• So Facebook has an email address for Line stored in a database for an internal 
website? 

• Do many companies with access to private APIs have a page like Line’s in 
Facebook’s capabilities tool? 

• So Facebook stores in a database an email address for each developer with 
access to Private APIs, accepting that some email address fields may be blank 
or inaccurate? 

If you look at the top of 34, you’ll see Papamiltiadis has the results of the investigation 
Archibong requested. He writes that Path is blacklisted for photos and status. Line is 
blacklisted for the friends list, read_stream, photo, photo album and other permissions. 
Is that correct? 

• Does Papamiltiadis then state that the Facebook employee who blacklisted Line 
from receiving the friends list wrote that it was done as a preventative measure? 

• A preventative measure against what? A privacy violation? 

• Did Facebook ever pre-enforce data restrictions against developers because it 
suspected the developer might at some point in the future violate a user’s 
privacy? 

• Could the preventative measure be that Line is a messaging app that could 
compete with Facebook Messenger? 

• Does Papamiltiadis then state that Facebook has imposed more restrictions on 
Line than it does on Path? 

• Is it reasonable to think based on this discussion that Mr. Zuckerberg might 
have been involved in any future decisions regarding any data permissions or 
advertising contracts Facebook entered into with Path? 



• Did you participate in any discussions Mr. Zuckerberg held with Mr. Morin 
regarding data permissions or advertising contracts? 

• Do you know if any of the Custodians participated in any discussions Mr. 
Zuckerberg held with Mr. Morin regarding data permissions or advertising 
contracts? 


86_FB-00046059 - This is a January 2015 email string with the subject “Dropbox - 
Messenger integration”. On 66, Mr. Olivan introduces Drew Houston, Dropbox’s CEO, 
to a Facebook employee, David Marcus, and writes: [Read highlight on 66 “We all 
have...cool happen”]. 

• Does Mr. Olivan ask Mr. Marcus to work with Dropbox’s CEO on striking a deal 
between the two companies that involves Facebook’s Messenger app? 

• Did you participate in any discussions with Mr. Olivan regarding Dropbox’s 
negotiations with Facebook in February 2015? 

If you look at the bottom of 63, Papamiltiadis writes: {Read both highlights at bottom of 
63 “Ime can probably...when we decline”]. 

• Does Papamiltiadis state that Dropbox has requested whitelist access to the Full 
Friends list multiple times in the prior weeks? 

• Does Papamiltiadis state that if Facebook gives Dropbox access to the full 
friends list other developers might feel alienated when Facebook refuses to give 
them access too? 

• Did Dropbox at any time have access to capabilities or APIs that were not 
available to all developers through public Platform APIs? 

• Who would know the answer to that? Would Mr. Olivan know? 

87_FB-00045735 - This is a February 2015 email involving a Netflix employee, John 
Midgley, and Facebook employees with the subject “Graph API 2.0 Migration”. If you 
look at the middle of 36, bullet 1, Mr. Midgley writes: [Read highlight on 36 “Since 
we...connected friends”]. 

• February 2015 is about two months before Graph API 2.0 became mandatory 
and access to the full friends list was removed from Facebook Platform. Is that 
correct? 



• Is Mr. Midgley stating that after April 30, 2015, Netflix will still have access to the 
full friends list? 

• Did Netflix in fact have access to the full friends list after April 30, 2015? 

• Was Netflix’s ability to access the full friends list or other APIs not available to all 
developers governed by a Private API agreement or similar contract? 

• Do you know if that Private API agreement was produced as part of this 
litigation? 

88_FB-00567905 - This is a December 2013 task with the subject “PS12n Whitelist 
Pre-Approval - Enumerate the new Capabilities to be added to support the PS12n 
deprecations”. You’ll see at the bottom of 05 the task is described as follows: [Read 
highlight at bottom of 05 “PS12n will introduce...features”]. 

• Does this task description state that Facebook will create new capabilities in its 
whitelist tools to allow apps to continue using data that was removed from 
Platform on April 30, 2015? 

• Simon Cross created this task, right? 

• When Cross says “allow apps,” does he mean all apps? 

• Is the goal of this task to build APIs that let certain companies whitelisted by 
Facebook access data that was generally available to any company from 2012 
to 2014, so long as they abided by Facebook’s policies and user privacy 
controls, but would no longer be able to access starting May 2015? 

89_FB-00545978 - This is a January 2014 email string with the subject “OG feedback 
from games devs”. You see on 80 a Facebook employee shares feedback from game 
developers. For instance, in the middle of 80, a game maker writes that OG is the most 
important viral channel besides request and that they’ve been optimizing their games 
for this. And then at the bottom of the note another developer writes that he hopes 
Facebook can imagine how big OG actions are for them. Do you see that? Is that 
correct? 

If you then look at 78, there is an email from George Lee to Greg Marra where Lee asks 
if is still the plan to kill action links from platform feed stories? Do you see that? 

And then Marra responds that they would like to kill action links and it is brought up 
frequently during executive reviews. Is that correct? 

Then Purdy asks Marra in his second bullet right above that on 78 if Cox, Mark or 
others are giving that feedback. Is that correct? 



• Is it fair to say that posting action links in a user’s newsfeed was a popular way 
for an app to grow its users based on the feedback? 

• Does Marra state that the plan is to remove the ability for developers to use 
these action links in newsfeed to grow their apps? 

• Does Marra imply that this decision is in line with the thinking of Facebook 
executives? 

• Does Purdy ask Marra if Chris Cox, Mark Zuckerberg or another Facebook 
executive is driving the decision to remove developers’ ability to post action 
links in newsfeed? 

• Did you participate directly in discussions with Cox, Zuckerberg and others in 
January 2014 regarding Facebook’s decision to remove action links in 
newsfeed? 

• Do you know who participated in these meetings? Do you have any knowledge 
of what was said in these meetings? 

• Can you confirm the presence of any attendees in these meetings with Cox and 
Zuckerberg? 

90_FB-00560169 - This is a September 2013 chat string between Facebook 
employees Kevin Lacker and Harshdeep Singh. 

• Was Kevin Lacker the CTO of Parse before its acquisition by Facebook? 

• Would you consider Kevin Lacker to be a respected software engineer with an 
informed opinion regarding software development? Would Mr. Lacker’s 
colleagues? 

Mr. Lacker writes: [Read highlight on 69 “One note...two years”]. 

• Does Mr. Lacker state that the term “deprecate” typically means that something 
still works but is unsupported? [yes] 

• Does Mr. Lacker state that the interpretation of a two-year stability guarantee, or 
two year breaking change window, that makes the most sense to him is that old 
versions should be supported until the new version has been out for two years? 
[Is there another reasonable interpretation of Lacker’s statement?] 



91_FB-00473864 - This is a February 2013 chat string between O’Neil and Amir Naor 
regarding some changes in the iOS SDK to enable frictionless requests in SDK 3.2. 
O’Neil writes: [Read highlight on 64]. Does Mr. O’Neil say that this isn’t a breaking 
change because the previous API still exists? [yes] 

92_FB-00494207 - This is an April 2012 chat string discussing the Diageo app, which 
lets users share alcoholic drink recipes with one another. You can see at the top that 
you were added as a subscriber to the task. 

The issue here was: [Read highlights on 07], Does this mean that “underage Becca” 
could receive alcoholic drink recipes from friends even though the developer, Diageo, 
abided by Facebook’s rules while testing this app? 

Mr. Rudolph provides the answer to this problem. [Read highlights on 12]. 

• Does Rudolph write that age restrictions applied only to Facebook canvas page 
loads and not to data received by developers from graph API or any other APIs? 

• Does Rudolph say that age restrictions have not been enforced on developers 
receiving data from APIs since the APIs were first implemented 5 or 6 years 
ago? 

FB-00521850 - This is a May 2012 email string between Vernal, O’Neil and others 
discussing Zynga’s usage of Graph API permissions. 

Nagar writes that Zynga uses the manage_notification permission for: [Read bottom 
highlight from Nagar on 50]. Does Nagar write here that Zynga’s use of the permission 
is legitimate but that it enables Zynga to target high value users without spending 
advertising money on Facebook? 

Vernal then writes: [Read top highlight from Vernal on 50]. Is it fair to say that Mr. 

Vernal is concerned with Facebook leaking the graph to Zynga when making this 
statement? 

See top of the page (50). Does O’Neil update the documentation per Mr. Vernal’s 
request and does he ask Mr. Niranjan to see if Zynga will stop doing this or say that he 
will “turn off their access to the API”? 

93_FB-00483662 - This is a June 2012 chat string between O’Neil and Vernal 
regarding a meeting with Apple. 

Vernal writes: [Read highlight on 63]. Does O’Neil write that apps are better if they can 
read data from Facebook? 



94_FB-00569937 - This is an August 2012 email string between O’Neil and others 
regarding Graph API improvements. O’Neil writes: [Read highlight on 37], 

• Does O’Neil write that Facebook has invested time and resources in making it 
easier for developers to access friends’ photo albums so long as the developers 
have permission? 

• Is it fair to say that Facebook invested time and resources in making it easier for 
developers to access Facebook’s graph because at the time Facebook felt it 
made business sense to open its graph to developers to build social 
applications that might drive more engagement, users and revenues for 
Facebook? 

96_FB-00545723 - This is a January 2012 email string with O’Neil and others regarding 
privacy changes. 

Mr. Larkin writes: [Read highlight on 23]. Does Mr. Larkin write that starting January 
2012 users had granular control over who could see their app activity on Facebook? 

97_FB-00558226 - This is a January 2012 presentation regarding integrating Facebook 
into Apple’s iOS6 mobile operating system. 

[Read highlight on 28], Does this state that by integrating Facebook’s graph with 
Apple’s phone contacts app that it is possible Apple or third parties could potentially 
recreate parts of Facebook’s graph - the network of connections between people and 
their interests? 

[Read highlight on 44], Does this state that if Facebook agrees to this iOS integration 
with Apple that it might be possible that Facebook would get faster reviews when 
Facebook submits its own apps to Apple’s App Store? 

48_FB-00513515 - This is an August 2013 chat string among various Facebook 
employees, including you, Vernal and Purdy. A Facebook engineer, Ling Bao, writes: 
[Read first two highlights on 22 “for non-goal...utility here?”]. 

• Does Mr. Bao imply that Facebook used to support the ability of users to take 
their data with them? 

• Does Mr. Bao imply that it is no longer a goal of Facebook’s to let people take 
their data with them? 

• When Mr. Bao refers to “login,” does he mean the tool Facebook offers to 
developers where they can login to a developer’s app using their Facebook 
username and password? 



• Does Mr. Bao imply that there is an idea going around that if your app is 
competitive with Facebook, that Facebook will no longer let you use Login? 

• Does Mr. Bao ask if there is a minimum level of functionality Facebook can 
guarantee it will provide to an app even if it is competitive? 

Purdy responds: [Read bottom 5 highlights on 22 from Purdy and all the highlights on 
23 “The meme is wrong...make a call here”]. 

• Does Mr. Purdy state that Mr. Bao is wrong because Facebook has never taken 
away Login from competitive apps? 

• Does Mr. Purdy state that Facebook has decided to take friends.get away from 
competitive apps? 

• Does Mr. Purdy suggest they consider creating another category of developers 
named “restricted”? 

• Does Mr. Purdy suggest adding WeChat to the restricted category? 

• Was WeChat a popular messaging app in Asia that offered products competitive 
with Facebook during this time? 

• Who does Mr. Purdy state is opposed to letting WeChat access the user profile 
photo permission on Facebook Platform? [Javier Olivan] 

• Who does Mr. Olivan report to? 

• Does Mr. Purdy suggest that they tackle now restricting WeChat’s access to 
data on Facebook that is available publicly to all other companies who integrate 
with Facebook Platform? 

• Who does Mr. Purdy state needs to make the call regarding whether to restrict 
WeChat’s access to data? [Vernal] 

• Who does Mr. Vernal report to? [Zuckerberg] 

• Did you personally discuss with Mr. Olivan his desire to restrict WeChat’s 
access to publicly available Facebook data around August 2013? 

• Did you personally discuss with Mr. Vernal his recommendation whether to 
restrict WeChat’s access to publicly available Facebook data around August 
2013? 




• To your knowledge did any of the Custodians personally discuss with Messrs. 
Olivan or Vernal whether to restrict WeChat’s access to publicly available 
Facebook data around August 2013? 

• Did Facebook restrict WeChat’s access to publicly available Facebook data 
around or anytime after August 2013? [If “IDK,” who would know the answer to 
that? Would Mr. Olivan? Mr. Vernal?] 

Hendrix Deposition Script 

What is your current title and who do you report to? 

What titles have you held and in what years at Facebook? 

Depo Notice is Exhibit 1 - confirm FB is designating her to testify as the PMQ on topics 

(a), (0, (k) 

Facebook Second Supplemental Response to Int. 9 served on March 6, 2017 is Exhibit 
2 - confirm she is the PMQ regarding all of the individuals in second supplemental 
response, including Jolley, Cross, Papamiltiadis, Purdy, O’Neil, Sukhar, Archibong, 
Thaw, Vernal, and Federov. 

What materials did you review to prepare to testify as FB’s PMQ on these topics? 

Who have you spoken with about this deposition? 

During 2012 to 2015 did your role often involve establishing or enforcing developer 
policies on Facebook Platform? 

Would your work from 2012 to 2015 have involved evaluating policy violations by apps 
or complaints about apps? 

Are you aware of any policy violation notices Facebook sent to 643 between 2012 and 
2014? 

Are you aware of any complaints against 643 sent from anyone to Facebook between 
2012 and 2014? 

Are you aware of any communications regarding 643 between any Facebook 
employees from 2012 through 2014? 


643 alleges its application broke on April 30, 2015 when it could no longer access from 
Facebook a user’s friends list and friends photos data. 



• Are you aware of Facebook taking any action around this time specifically 
against 643 that would not also have impacted other developers? 

• Did Facebook’s engineering team target 643 on April 30, 2015 to specifically 
disable 643’s access? 

• Is it fair to say that many other applications lost access to the same types of 
data on April 30, 2015? How many do you think? [More than 10,000? More than 
1,000? More than 100?] 

1_FB-0000075 - at the bottom of 77 you can see the April 30, 2014 announcement of 
Graph API 2.0 - “A more stable platform with Versioning and Graph API 2.0”. 

• Is this an official announcement of Graph API 2.0 on Facebook’s public 
website? 

• Was Graph API 2.0 the change that removed access to friends lists, friends 
photos and other types of data on April 30, 2015, which 643 alleges broke its 
app? 

• Was Graph API 2.0 variously referred to internally by Facebook employees as 
Platform 3.0, Platform Simplification and PS12N? [If “no” or “IDK,” well, the 
friends list and friends photos endpoints were both part of Platform 3.0 and part 
of Graph API 2.0, right?] 

• Does this section at the bottom of 77 and top of 78 state specifically that 
Facebook is removing access to the full friends list and photos list? [No] [Well, 
does it use the words “friends” or “photos” or any synonyms of those words?] 

• At the bottom of this announcement, at the top of 78, does it say that Facebook 
is removing, quote “several rarely used API endpoints”? 

• Were the friends list and friends photos among the endpoints Facebook 
includes in this phrase “several rarely used API endpoints”? 

• [If “IDK” or “no,” say: if you go to the changelog linked right after this phrase, on 
94 of this exhibit, the friends list and friends photos permissions appear along 
with a few dozen other types of data, correct? So Facebook says to check the 
changelog for rarely used permissions, and then when you check the changelog 
you see the friends list and friends photos permissions?] 

• Were the friends list and friends photos permissions rarely used by developers 
at this time compared to other types of data Facebook made available to 
developers? 



• Did this announcement of Graph API 2.0 on the bottom of 77 and top of 78 state 
that Facebook was privatizing these or any APIs? 

1a_FB-0000001 - 01-04 is a letter 643 sent to Facebook on March 16, 2015. 

• Have you seen this letter? When? Who gave you this letter? 

• Was your receipt of this letter the first time you became aware of 643? [When 
was the first time you became aware of 643?] 

• Did you participate in a conference call around this time with 643 and its 
counsel to discuss 643’s loss of data access? 

• Did you propose any solutions to 643 so that its app could continue working? 

• What solution or solutions did you propose? 

• Did you propose to 643 that it could store the photos of 643’s users’ friends 
outside of Facebook in a separate database so it could continue to access 
them? 

2_FB-00002208 - This is a March 2010 email from you to another Facebook employee. 
You write at the top of 08 that if an app stores a user’s photos or a user’s friends 
photos beyond 24 hours that the app is violating Facebook’s policies. Does it say that? 

3_FB-0000017 - This is the Statement of Rights and Responsibilities, or SRR, in effect 
around the time 643 became a developer on Facebook Platform. Is that correct? The 
SRR is an agreement between Facebook and its users and Platform developers. Is that 
correct? 

The SRR has a section 2 called “Sharing Your Content and Information”. It says in part: 
[Read highlight on 17 “You own all of...application settings”]. 

• Does this state that a Facebook user owns all the content and information that 
she posts on Facebook? 

• Does this state that the Facebook user can control how that content is used by 
Facebook and by other developers through privacy and application settings? 

On 20, the SRR has a section 9 called “Special Provisions Applicable to Developers”. 

Is that correct? 



• Does section 9 prohibit a developer from using Facebook’s data in another 
advertising network, selling Facebook’s user data, and accessing more data 
than is required for the application to function, among other things? 

• Are you aware of Facebook ever notifying 643 from 2012 to 2014 that 643 
violated any subsections of section 9? 

• Does subsection 19 state that Facebook can create applications that compete 
with a developer’s application? 

• Does Facebook reserve its rights in subsection 19 or anywhere in section 9 to 
take actions that might give Facebook’s applications an unfair advantage when 
competing with other applications? 

Subsection 8 says: [Read highlight on 21 “We give you all rights...you receive from 
us”]. 

• Does subsection 8 give a developer who enters into this SRR with Facebook all 
rights necessary to use Facebook’s API and data that the developer receives 
from Facebook? 

• Does Facebook reserve its rights in subsection 8 or any part of section 9 to 
provide any data on terms that are unequal to developers? 

• Does Facebook state that it reserves its right to give some companies access to 
data that it does not offer to other companies? 

• Did Facebook at any time from 2011 through 2015 give any developer special 
access to data for reasons other than beta testing new APIs before they were 
publicly released? 

• Does Facebook state in section 9 that it has the right to prevent a developer 
who has not violated any Facebook policy from accessing data that is available 
to all developers? 

• Did Facebook ever restrict access to data to certain companies that was 
available publicly for reasons other than a demonstrated policy violation? 

• Looking at section 9.1 at the middle of 20, does this section make the Facebook 
Platform Policies binding on the developer as part of this SRR Agreement? 


4_FB-0000110 - And if you go to the Facebook Platform Policies at the bottom of 111, 
there is a “Section 3. Protect Data”. And subsection 3 says: [Read highlight on 111 
“Only use...in your app”]. 



Is the friend data referenced in Section 3.3 here the data that 643 alleged it lost 
access to when its app broke on April 30, 2015? 




5_Platform is Here - This is Facebook’s public announcement on June 1,2007 
announcing Facebook Platform. Correct? It states: [Read both highlights on the first 
page] “For example, the Facebook Photos...Photos and Notes are integrated”]. 

• Does the section I just read define the social graph, or graph, as all the 
connections among people and the information they share, including, say, 
photos? 

• Does the section I just read state developers can build the same applications 
Facebook can and integrate them with Facebook? 

• Does the announcement use photos applications as an example of this kind of 
integration? 

• Do you see the URL at the bottom of the first page? 

6_Platform Is Here Public 2017 - Is it the same URL in this exhibit here? When does 
the screenshot say this image was taken in the top right? So if this screenshot is 
accurate, then this announcement from June 1,2007 is still up on Facebook’s public 
website? 

7_Platform FAQ - Do you recognize this document? Is this an FAQ Facebook released 
to the public and developers around June 2007 to answer questions regarding 
Facebook Platform? 

I want to highlight a few sections of this FAQ. In response to the question, “What is a 
Facebook application?”, the FAQ states: [Read first highlight “A Facebook 
application...that’s relevant to them”]. 

• Does this state that Facebook Platform gives developers access to the social 
graph to build apps that are more relevant to users? 

• And, you see right above that, the social graph is the network of connections, 
relationships and information shared between people? 

• Is it fair to say that the network of connections, relationships and information 
shared between people might include who these users are friends with and 
information like photos their friends have shared with them? [If “no” or “IDK,” 
what does a network of connections means if not the friend relationships among 
people? Isn’t friending people one of the main way users connect on 
Facebook?] 



In response to the question “What’s new in Facebook Platform?”, the FAQ states: 

[Read second highlight “With the latest evolution...business opportunities”]. 

• Does this answer state that the level of integration available to developers will be 
equal to or the same as the level of integration of Facebook’s own applications? 

• Does this answer state that developers can distribute their applications through 
the social graph, meaning using the network of connections among people? 

In response to the question, “What kinds of applications can be built on Facebook 

Platform?”, the FAQ states: [Read third light “Because applications...media files”]. 

• Does this answer state that applications that can access Facebook’s network of 
connections are more relevant to users? 

• Does this answer use as an example developer applications that enable users to 
view and share media files like photos and videos? 

• Did 643’s app let users view their friends’ media files, like photos? 

• To your knowledge, could a user of 643’s app view any media files that the user 
could not also view on Facebook? 

• Are you aware of any information that would call into question 643’s claim that 
all the photos you could see in 643’s app were also available on Facebook? 

• Are you aware of any information that would refute 643’s claim that if a user 
could not see a photo on Facebook, then the user could also not see a photo on 
643’s app? 

• So, if that’s true, then all the photos a user could see in 643’s app were photos 
the user could also see on Facebook. Correct? 

• So if Facebook identified an inappropriate photo and removed it from Facebook, 
643 would no longer be able to show a user that photo? 

• Are you aware of any specific information that would call into question 643’s 
claim that if Facebook removed content because it was inappropriate, or for any 
other reason, that the content was no longer available to 643? 


In response to the question, “What are the benefits of Facebook Platform for users?”, 
the FAQ states: [Read first highlight on second page “With Facebook 
Platform...opened its platform”]. 



• Does this answer state that by opening its graph to third party developers, users 
have an unprecedented amount of choice in how to define the most useful and 
relevant experiences for them? 

• Is it fair to say that the concept of “data portability” means that users can 
choose to allow other applications besides Facebook to build experiences for 
them using the data they share on Facebook? 


• Is it fair to say that when Facebook launched Facebook Platform in 2007 and its 
Open Graph initiatives in 2010 and 2011 that “data portability” was a key 
principle behind Platform and Open Graph? 

• Who would you say was the most prominent executive in support of data 
portability and an open platform at Facebook? [Taylor or Zuckerberg; if IDK, 
who was the executive that announced Open Graph in 2010 to the public? If still 
IDK, was Bret Taylor an executive at Facebook who was involved in Open 
Graph?] 

• When did Mr. Taylor leave Facebook? [If IDK, but Mr. Taylor was no longer at 
Facebook during these conversations in the summer and fall of 2013?] 

In response to the question, “How will Facebook deal with applications that compete 
with one another or even compete with Facebook applications?”, the FAQ states: 

[Read highlight on third page “We welcome developers...become the most popular”]. 

• Does this answer state that developers can build applications that compete with 
Facebook’s own applications? 

• Does this answer state that all applications, including those built by Facebook, 
will be on a quote “level playing field”? 

• Who will decide which applications become the most popular? [Users] 

• Does Facebook state in this answer that it can provide special access to data to 
certain developers and not others? 

• Does Facebook can state that it can remove access to data to an app that has 
not violated Facebook’s policies even though that data is available to all other 
developers? 

• Is it reasonable to conclude from this answer that Facebook represents that it 
will not take action that would systematically tilt the playing field in favor of 
certain developers or Facebook? 



• Was this FAQ ever posted on Facebook’s public website? Is it still on the 
Facebook website today? 

• Do you know if this information was removed from Facebook’s public website? 
[When?] 

8_Platform FAQ URL Wayback - Are you aware that the Wayback Machine is a tool 
used to archive websites to show what websites looked like in the past? 

• Do you see that this is a version of the Facebook Developer site from October 
2009? 

• Do you see there is a link to “Platform FAQ,” which is the same name as the 
exhibit we just reviewed. Is that correct? 

• And with the mouse hovering over “Platform FAQ” does that link point to a URL 
ending “page=431” in the bottom left there? 

• So it’s reasonable to conclude that this is probably the link where this FAQ was 
up on the public Facebook website? 

9_Wayback FAQ Page - Do you see that when you go to that link for the FAQ the 
Wayback Machine says “Page cannot be displayed due to robots.txt”? 

• Are you aware that robots.txt is a file Facebook created to prevent the Wayback 
Machine and other search crawlers like Google from archiving this “Platform 
FAQ” webpage? 

• Are you aware that the only way the Wayback Machine would not be able to 
archive this page is if a Facebook employee took specific action to include this 
FAQ as part of its robots.txt file? 

• Are you aware of any action taken by Facebook to ensure that the Internet had 
no record of this Platform FAQ? [If “yes,” Who? When? Under whose authority? 
If “no,” so you have absolutely no idea how and when Facebook removed the 
Internet history of this FAQ on its public website? Who would know?] 

10_Custodians - This is a letter from Facebook’s counsel to the Court earlier this 
month. You see on the top of the second page it lists Facebook’s eight document 
custodians. You are one of them. Is that correct? 


Do you know all of the other individuals in this list? 



• We are going to refer to this group of 8 people from now on as “Custodians”. 
Can you remember that when I say “Custodians” I am referring to these 8 
people? Feel free to keep this list handy for quick reference. 

• Do any of the Custodians have the authority unilaterally to decide that Facebook 
remove access to friend connections and friend data in Graph API? [If “yes,” so 
which of these Custodians made the decision for Facebook to remove friend 
data access? If “no” or “IDK,” who are all the individuals at Facebook who 
would have the authority to make a big change like that?] 

• Did any of these Custodians report directly to Messrs. Zuckerberg, Olivan, Cox, 
or Lessin from 2012 to 2015? 

11_FB-00549032 - This is a March 2014 chat string between you, O’Neil and others. A 
Facebook employee Sriram Krishnan writes: [Read the two highlights on 33 and then 
the bottom highlight of 32 from Krishnan “How do we think about...could be way off 
though”]. 

• Does Mr. Krishnan ask about Facebook’s prefill policy that prohibits developers 
from pre-filling messages with content? 

• Does he refer to the pre-fill policy as an example of Facebook preventing 
developers from doing things on Platform that Facebook is ok doing itself? 

• Does he state that it seems unfair to let Facebook but not other developers do 
this? 

• Does he state that he has a mental model regarding Platform being a level 
playing field? 

• Do you have any idea how he got that mental model of Platform being a level 
playing field? 

• Could it have been from representations by Facebook like the one in the FAQ 
about a level playing field that we discussed moments ago? 

• Does Krishnan say that his mental model could be way off? 

Kevin Lacker, a Facebook engineer, responds to Krishnan: [read fourth highlight on 32 
from Lacker “Well, as a product Messenger...growth for platform apps”]. 

• Does Lacker indicate that they are referring to whether the pre-fill policy should 
apply to Facebook’s messaging app called Messenger? 



• Does Lacker state that Facebook is willing to sacrifice some trust and user 
experience in exchange for its growth? 

• Does Lacker state that Facebook doesn’t let other developers do the same 
because it doesn’t value their trust-vs-growth tradeoff in the same way? 

• Does he state that it is inevitable that Facebook’s apps will not be on a level 
playing field as apps built by Platform developers? 

• Does he state that this is because, as of March 2014, Facebook doesn’t see 
itself as benefiting from the growth of developer apps, particularly when 
Facebook is not being paid directly? 

• How many users did Facebook have when it launched Facebook Platform in 
June 2007? [24 million] [Less than 50 million? etc] 

• How many users does Facebook have today? [almost 2B] [More than 1,5B?] 

• Do you think that at least some of those users were acquired by Facebook as a 
direct result of Facebook’s decision to become an open platform starting in 
2007? 

• Do you think Facebook’s user growth benefited from the Facebook Platform 
ecosystem of apps from 2007 to, say, late 2012? 

You’ll see just above Lacker’s comments on 32 you respond: [Read first three 
highlights on 32 “We strive to have parity...Lookback Video”]. 

• Do you respond to Krishnan’s question saying that Facebook strives to maintain 
parity with its policies but that there are times when Facebook does not 
maintain parity in order to help grow its products? 

• Do you state that someone else made the decision to pre-fill Messenger? 

• Do you know who made the decision? [Who?] 

• Do you state that Facebook should continue to prohibit developers from pre¬ 
filling messages despite the fact that Facebook chooses to do it for its own 
products? 

• There were a number of messaging apps integrated with Facebook Platform in 
some fashion around this time, no? Can you name any? 



• Do you think it’s possible that over time Facebook giving itself this advantage 
over other messaging apps might tilt the playing field in favor of Facebook’s 
own messaging apps? 

• Do you mention another example along with Messenger at the bottom of your 
note? 

• Is that example a product involving media such as videos or photos? 

• So it’s possible that by giving itself the ability to do things other developers can’t 
do in their photo or video apps, Facebook might make it more likely that its own 
photo or video apps would grow faster than competitive Platform apps? 


18_FB-00439054 - This is an October 2011 chat string in which Mr. Vernal and others 
discuss Twitter. Mr. Wyndowe writes to Mr. Kelly: [Read second highlight on 54, then 
read first highlight on 54], 

• Does “blacklist” mean that the developer cannot access certain data that is 
otherwise publicly available to Platform developers? 

• Did Facebook in fact block Twitter from receiving access to a user’s friend list? 

• Are you aware of Facebook “blacklisting” any other companies between 2011 
and today? 

A few days, later Mr. Vernal writes: [Read Vernal highlights on 66-67]. Ms. Tung 
answers him: [Read Tung highlight, 2 nd highlight, on 67], 

• Does Ms. Tung confirm that at least as of September 13, 2011 YouTube is 
blacklisted from seeing a user’s non-app friends while Twitter is not currently 
blacklisted? 

Mr. Wyndowe then writes: [Read Wyndowe highlight, 3 rd highlight, on 67], 

• Who does Mr. Wyndowe say he needs to send a summary to before they can 
restrict Twitter’s access to the full friends list? 


23_FB-00423235 - This is an October 2012 message from Mike Vernal to various FB 
employees. 

• What was Mr. Vernal’s title at this time and who did he report to? 



• Did you receive this exact message from Mr. Vernal on October 30, 2012? [Did 
you ever receive this exact message directly from Mr. Vernal? When?] 

Mr. Vernal writes: [Read bottom highlight on 35-36 “As many of you know...they can 
boost content” STOP]. 

• Who does Mr. Vernal say he’s been having conversations with for months 
regarding Platform Business Model? 

• Is “Mark” Mr. Zuckerberg? [What other Mark could he be referring to? Is there 
another person named Mark on Facebook’s executive team? You’re telling me, 
under penalty of perjury, that after reading that statement you don’t believe Mr. 
Vernal is referring to Mr. Zuckerberg?] 

• Did you participate in these particular discussions before October 2012 with 
Messrs. Vernal and Zuckerberg? 

• Do you know who participated in these particular discussions around Platform 
Business Model before October 2012? 

• What do you think Mr. Vernal means when he says developers can pay us to 
value their value? 

Mr. Vernal continues: [Read highlight on 36 “Most of the open questions...distribution 
to compensate us? STOP” 

• By “read side of the platform,” does Mr. Vernal mean the ability of developers to 
access data from Graph API or other APIs about users and their friends, such as 
photos and interests? 

• A Canvas app is an app built using Facebook’s Canvas product, correct? 

• And Facebook gets a cut of the revenues from Canvas apps? 

• When Mr. Vernal says that these hard questions weren’t necessary on Canvas 
because apps on canvas “accrue a bunch of value,” is it fair to say that one way 
he meant they accrue value is because canvas apps, and in particular games, 
generate revenue directly for Facebook? 

Mr. Vernal continues: [Read highlight on 36 “There have been a few important 
decisions...from Facebook (via action importers)”]. 

• Is the “Read API” the way developers could access information people upload 
to Facebook, like birthdays and photos, in their own apps and subject to privacy 
settings? 



When Mr. Vernal says they are going to change friends.get to only return friends 
using the app, does this mean that a user can no longer grant a developer (other 
than Facebook) permission to access the identities of all of the user’s Facebook 
friends? 

So this means that if I use a developer’s app, I can only see in the app my 
friends who have also downloaded the app? 

Does this in general, all else equal, make it less likely for an app to grow? 

When Mr. Vernal says they are going to introduce a paid invitations product, 
does this mean that developers would be able to pay Facebook in order to 
expand beyond people who have already downloaded their app in order to grow 
their app? 

What is GDP? So when Mr. Vernal says they are removing the ability to “grant 
friend data via GDP,” does he mean that it will be impossible for developers 
using Facebook’s APIs to access any data about a user’s friends? 

So this means that if I wanted to let you see my Facebook photos in an app built 
by a developer using Facebook’s public APIs, I could not let you do that 
anymore? 

List all the developers who would still be able to build an app that let you see my 
Facebook photos after this change? [None] Would Facebook be able to? [Yes] 

Is the Stream API related to a developer’s ability to read or insert content into 
Facebook’s popular newsfeed feature? 

When Mr. Vernal says they are going to “whitelist access” to the Stream API, 
does this mean that the API will be available to some developers but not others? 

When Mr. Vernal refers to “other APIs that might leak the friend graph,” does he 
mean APIs that other companies could misappropriate to potentially replicate 
Facebook’s network of users, their connections, and all their interests and other 
data? 

In bullet 2, what kind or type of networks does Mr. Vernal say they will remove 
from Platform unless they have a formal deal in place? [Competitive], 

Are you aware of any formal deals with competitive networks? 



• Please list the deals and the terms to the extent you are aware of them. Are you 
aware of no other deals with competitive networks? 

• Going back to our example of Twitter and YouTube from earlier, hasn’t 
Facebook at the time of Vernal’s note already “blacklisted” competitive 
networks? [“Yes,” so what is new about this announcement? “No” didn’t Vernal 
state that they prevented YouTube from accessing non-app friends exactly a 
year before this October 2012 email? So, what is different about this 
announcement?]. 

• In bullet 3, does Vernal define “data reciprocity” as the principle that developers 
who read data from Facebook’s graph must permit their users to contribute new 
data to Facebook’s graph? 

• On April 30, 2015, did Facebook implement a number of the measures 
described here in the launch of Graph API 2.0, including reducing data exposed 
via the Read API, removing friends_* permissions, and removing the Stream 
API? [must establish that the changes in this note are the Graph API 2.0 
changes] 

• Flow many times does the word “privacy” appear in Mr. Vernal’s discussion 
describing these major changes to Facebook Platform? [None] 

• Flow many times does the word “trust” appear in Mr. Vernal’s discussion 
describing these major changes to Facebook Platform? [None] 

• Flow many times does the phrase “user experience” appear in Mr. Vernal’s 
discussion describing these major changes to Facebook Platform? [None] 

• Flow many times does the phrase “user control” appear in Mr. Vernal’s 
discussion describing these major changes to Facebook Platform? [None] 

• Flow many times does Mr. Vernal mention an app engaging in bad behavior, 
displaying inappropriate content, or spamming users when describing these 
major changes to Facebook Platform? [None] 

I want to look at some of the comments now to Mr. Vernal’s note. Mr. Schechter 
writes: [read highlight on 35 for Schecter], 

• You were at the time a member of the Platform Operations team, known as 
POPS, right? 

• So Mr. Schecter is referring to the fact that after these changes, your team will 
need to engage in somewhat subjective evaluation around whether a particular 
developer is giving enough value back to Facebook? 



24_FB-00519531 - This is the same chat string we were just discussing on October 30, 
2012. Alex Himel writes that with this change: [read bottom highlight from Himel on 31]. 
Mr. Vernal responds: [read the two highlights from Vernal on 31]. 

• Is it fair to say that before this change, Quora could try to grow by accessing for 
free from Facebook all of a Quora user’s Facebook friends? 

• And Mr. Vernal is saying that after this change, Quora will need to use a paid or 
premium invitations feature from Facebook to use non-app friends to grow its 
app? 

• So, does Mr. Vernal say that the value Facebook brings to developers should be 
things that developers pay for? Who would developers pay? [Facebook] 

25_FB-00536437 - This is a November 2012 email string with the subject “Platform v3 
[do not forward]”. Mr. Jolley writes: [Read the first three highlights from Jolley on 37 
“The basic idea...m-team”]. 

• What is Mr. Jolley’s title and who does he report to? 

• Who does Mr. Jolley say hasn’t fully settled on what he thinks the Platform 
Business Model should be? [Zuckerberg] 

• Who does Mr. Jolley say will make “his final calls”? [Zuckerberg], 

• Who is Mr. Zuckerberg going to discuss this with when making “his final calls”? 
[Vernal, Purdy and m-team]. 

• Is “m-team” the Facebook management team, meaning the executives who 
report to Mr. Zuckerberg or another top lieutenant of Mr. Zuckerberg? 

• Did you participate in these discussions directly with Messrs. Zuckerberg, 

Vernal, Purdy and others in the middle or fall of 2012? 

• To your knowledge did any of the Custodians participate directly in these 
discussions with Messrs. Zuckerberg, Vernal, Purdy and others in the middle or 
fall of 2012? 

• Do you know who participated in these discussions in the middle or fall of 2012? 

Please turn to 38. You see at the top that Mr. Jolley describes a free “Simple Social” 
version of Facebook Platform for developers and also an “Advanced Platform” where 



the developer is charged $49 per app per year. Did Facebook ever launch a paid 
subscription product for Advanced Platform? [No], 

Now look at the bottom of 38 where Mr. Jolley describes “PREMIUM/PAID 
PRODUCTS”. 

• Does this list potential new products Facebook was considering releasing to 
developers as a way to get them to pay Facebook in exchange for Facebook 
helping to grow their apps? 

• Which of these products were released to developers? When? 

Now look at the bottom of 38 and top of 39 where Mr. Jolley describes “NEW 
RESTRICTIONS”. He lists friend_* data and non-app friends. 

• So according to this plan, even under the Advanced Platform scenario where 
developers paid Facebook an annual fee, developers still would not have been 
able to access friends’ permissions? 

You’ll see at the top of 39, regarding non-app friends, Mr. Jolley says: [Read first 
highlight at top of 39], 

• Does Mr. Jolley say here that removing non-app friends from developers would 
be very destructive to the developer ecosystem? 

Continuing on, Mr. Jolley writes that for other permissions a developer will submit for 
additional business approval to access them. He lists read_stream and some others. 
He then writes: [Read second highlight at top of 39], 

• Does Mr. Jolley write that Facebook will reject access to these permissions if 
the app is not aligned with Facebook’s business interests as Facebook chooses 
to define them? 

26_FB-00429152 - This is a December 2012 email string between O’Neil and others. 

On 59, Ling Bao, a Facebook employee, lists the “top 10 most popularly requested 
permissions”. Do you see that? 

• Is “friends_photos” one of the top 10 most requested permissions? 

• Is “friends_birthday” one of the top 10 most requested permissions? 

• Is “publish_stream” one of the top 10 most requested permissions? 

• Is “friends_birthday” one of the top 10 most requested permissions? 



• How many of the top 10 most popularly requested permissions were removed 
from Facebook’s public APIs on April 30, 2015? [should be at least 4: email, 
publish_stream, friends_photos, friends_birthday] 

• This data showing the top 10 requested permissions is from December 2012, 
correct? 

• So it’s about one month or so after Vernal’s note to employees that he, 
Zuckerberg and others had decided to prevent developers from accessing this 
exact data? 

• So at the time Zuckerberg, Vernal and others decided to restrict this data, it was 
the most widely used data on Facebook? 

• So was Facebook lying when it announced in April 2014 that it was removing 
the friends list and friends permissions because they were “rarely used”? 

• Was Facebook lying when it announced in April 2014 that it was removing the 
Stream API permissions because they were “rarely used”? [If “no” or “IDK,” so 
are you saying that between January 2013 and April 2014, developer use of 
these permissions fell off a cliff? Are you sure about that?] 

27_FB-00534487 - This is a March 2013 email string between O’Neil, Purdy and others 
with the subject “Unified Review as business value gate”. Purdy writes: [Read first two 
highlights on 87 “I have been thinking...users and the developer”] 

• What word does Purdy use to describe the kind of enforcement that poses 
challenges? [If “IDK,” what is the adjective Purdy uses to modify enforcement? 
“competitive”]. 

• What type of data does Purdy associate in parentheses around Facebook’s 
goals to enforce or restrict data access to competitors? [friends.get or friends 
data]. 

• So there is potentially some relationship between an app being competitive and 
it accessing friend data? 

• When Mr. Purdy says that enforcement is “post facto,” does he mean that 
Facebook “may just shut you down” after you’ve invested in building your app 
and acquired initial users? 

[Read next three highlights on 87 “I wonder if we...an approval thing”]. 


What is “unified review” in one sentence? 



• Is that the same as or related to Login v4 or Login Review? [yes; if no, ask to 
explain how different, they are the same]. 

• If unified review acts as “a business value gate,” does this mean that a 
developer’s ability to access certain data would be dependent on the business 
value Facebook derives? 

• Is a “capability” an action that Facebook authorizes a developer to take that 
may involve accessing data not available to most other developers? 

• Does a developer typically need to be “whitelisted” in order to access a 
capability not offered to most other developers? 

• Does Facebook have an internal tool where Facebook employees can grant 
whitelisted developers a capability that gives them access to data not available 
to developers using the public APIs? 

• Roughly how many individual capabilities could a developer be granted by 
Facebook in 2013? 2014? 

28_FB-00494539 - This is a April 2013 email from Purdy to various FB employees in 
Platform Products & Programs. Purdy writes: [Read highlights on 39], 

• Who does Mr. Purdy say they locked their platform strategy with on Monday? 
[Zuckerberg] 

• Did you participate in this meeting on Monday, April 15, 2013 with Messrs. 
Purdy and Zuckerberg? 

• To your knowledge, did any of the Custodians participate in this meeting on 
Monday, April 15, 2013 with Messrs. Purdy and Zuckerberg? 

• Do you know who else participated in this meeting? 

• What does Mr. Purdy say “the key thing is”? 

• Is NEKO an advertising product Facebook built that lets companies, including 
Platform developers, purchase sponsored stories in a user’s mobile newsfeed? 

• Does Mr. Purdy write that after his meeting with Mr. Zuckerberg, he was under 
the impression that Facebook Platform and NEKO are related? 



30_FB-00534978 - This is a May 2013 email from Purdy to others with the subject 
“Platform 3.0 (revisited)”. Purdy writes: [Read first highlight on 78 “In terms of...a new 
(data) tax”]. 


• What does Purdy say in quotes is the message he’d rather avoid? 

• Does Purdy mean that the change could be interpreted as FB requiring a 
monetary tax on access to data? 

[Read second highlight on 78-79 “Non-app friends...invites and personalization”]. 

• On the top of 79, what kind of scenarios does Purdy say Facebook will support? 
[non-competitive], 

• Is it reasonable to think that Purdy means by “non-competitive scenario” one in 
which an app does not compete with a current or planned Facebook product? 


32_FB-00523402 - This is a June 2013 email between Purdy, Vernal, O’Neil, Sukhar 
and others preparing slides on Platform 3.0, including Login and Open Graph. Purdy 
writes: [read highlights on 02], 

• Who is Mike? [Vernal], 

• Did you participate in this meeting on June 27, 2013 with Messrs. Vernal, Purdy 
and Zuckerberg to discuss Login and Open Graph? 

• Can you say for sure who participated in this meeting? 

33_FB-00235809 - This is a June 2013 email string between Chang, Archibong and 
others discussing the Amazon Gift product. An Amazon employee writes: [Read 
highlight on bottom of 14 “I know we reviewed...tomorrow”]. 

Jackie Chang, a Facebook employee, then sends an internal email to others: [read 
bottom two highlights of 13 and top highlight of 14 “@Jillian - wanted to flag.. .gifters 
for our gifting product.”] 

• Does Chang say here that Amazon’s Gift product was approved by the policy 
team? 

• Does Chang flag the Amazon Gift product because FB has a competing product 
called “Facebook Gifts”? 




Does Chang mention that Facebook could target Amazon Gift users because 
they need to contribute actions back to Facebook’s graph? 



Jillian Stefanki, a Facebook employee, then responds: [read top three highlights for 
Stefanki on 13 “Do they have whitelist...but just double checking”]. 

• Does Jillian mention that eBay has a similar product that was made possible 
due to whitelist access? 

• Does Jillian mention that it is confusing to work with Amazon when Facebook 
has a competitive product? 

• Does Jillian check to see if Facebook receives payment from Amazon for this 
product? 

Chris Daniels, a Facebook employee, then chimes in on 12: [read highlight at bottom of 
12 “Remind me...conclusion that this is ok”]. 

• What was Chris Daniels’ title and who did he report to? 

• Does Mr. Daniels suggest his opinion is that it is not ok for Facebook Platform to 
support Amazon’s Gift product? 

Ms. Chang responds: [read highlight at top of 12 “@Chris...compatibility support”]. 

• Does Ms. Chang state that Amazon’s integration was done in complete 
compliance with Facebook’s policies? 

• Does Ms. Chang attach the conversation in which Amazon’s Gift product was 
approved 6 months prior? 

• Does Ms. Chang state that if Facebook disabled every app because it “does 
something we do” that developers “wouldn’t have faith in our platform”? 

Neha Jogani, a Facebook employee, then writes on 11: [read highlight on 11 “This is 
going...like Lee mentioned”]. Is it fair to say that Ms. Jogan is also concerned about 
Amazon competing with Facebook’s Gifts product? 

Ime Archibong then responds on 10: [read the third highlight on 10 from Archibong 
“From my recollection...FB core functionality”]. 

• Mr. Archibong’s role is similar to yours in that he is involved in Facebook’s 
policy efforts to manage a fair developer platform. Is that right? 

• Does Mr. Archibong state here that one of the decision criteria when approving 
developers on Facebook Platform is whether their app replicates Facebook’s 
core functionality? 



• Is it fair to say that if an app replicates Facebook’s core functionality that it is 
competitive with Facebook? 

Archibong goes on: [Read fourth highlight on 10 “The approval of this 
integration...open vs close platform”]. 

• Does Mr. Archibong state that they concluded that Amazon’s Gifts product did 
not equate with Facebook’s core functionality because “at that time” their 
“litmus test” only included messenger, search, and newsfeed products? 

• Does Mr. Archibong imply that the definition of a competitive product was kept 
narrow to maintain the perception that Facebook Platform was an open 
platform? 

Archibong goes on: [Read fifth highlight on 10 “That was months ago...and figure out 
the next steps”]. 

• Does Mr. Archibong state that Facebook’s definition of “core functionality” 
changes based on “progress made” on Facebook’s own gift and payment 
products? 

• Does Mr. Archibong suggest a meeting for them to consider broadening what 
kinds of apps Facebook considers to be competitive? 

Justin Osofsky, a Facebook employee, then replies: [Read first and second highlights 
on 10 from Osofsky “I agree that it makes sense...Ime articulates below”]. 

• What was Justin Osofsky’s title and who did he report to during this time? 

• Does Mr. Osofsky suggest taking this conversation off email? 

• In bullet (1), what are the “primary concerns” Mr. Osofsky refers to? [Amazon 
competing with Facebook, etc.] 

• In bullet (1), what does Mr. Osofsky state will “address the primary concerns”? 
[Platform 3.0] 

• Does Platform 3.0 include the restrictions to friends_* permissions, friends.get, 
non-app friends, and the other data removed from Facebook’s public platform 
on April 30, 2015? [yes] 

• So does Mr. Osofsky imply that Graph API 2.0 will hurt Amazon’s ability to 
compete with Facebook on gifting products? 



• In bullet (2), what is Mr. Osofsky concerned might happen if Facebook 
articulates that it is expanding its definition of a competitive app? [chilling effect 
on developer ecosystem]. 

• Does Mr. Osofsky imply that Platform 3.0 could make it more difficult for 
Amazon to compete with Facebook on gifting products while also mitigating any 
chilling effect on the developer ecosystem? 

Ms. Chang then responds: [Read highlight on 09]. 

• Does Ms. Chang refer to the Platform 3.0 change to restrict friend.get APIs? 
[yes]. 

• Does Ms. Chang state that this change will eliminate Amazon’s ability to read 
non-app friend data? 

• Does Ms. Chang state that this will negatively impact Amazon’s ability to grow 
its gifting product? 

• Based on what you’ve read in this email, do you think all of the Facebook 
employees on this email string are aware that Platform 3.0 will give Facebook’s 
products a competitive advantage relative to other developers once non-app 
friend data and other Platform 3.0 changes are implemented? 

• Do you think these employees were primarily concerned about privacy or user 
trust when deciding whether to approve Amazon’s Gift app? 

34_FB-00433791 - This is an August 2013 chat string between Vernal, Purdy and 
others discussing Platform 3.0 changes. Vernal writes: [Read first highlight on 92 
“Neither Platform 3.0...to be clear”]. Koumouzelis then agrees: [Read second highlight 
on 92 “I think all...finalizing any names here”]. 

• What was the final external name Facebook decided on for the Platform 3.0 or 
Platform Simplification or PS12N changes? [Graph API 2.0 or Loginv4], 

• Who decided upon that name? When was that name decided upon? 

• Were many of the changes discussed as part of Platform 3.0 implemented as 
part of the Graph API 2.0 implemented on April 30, 2015? 

• So the friend_* permissions and the non-app friends changes were part of both 
Platform 3.0 and Graph API 2.0? 



Purdy then writes at the bottom of 92 that they should use this conversation to review 
a presentation for Mr. Zuckerberg. Vernal then writes: [read highlight at top of 93 
“Here’s my sense...are safe to use, and which aren’t”]. 

• Who does Mr. Vernal state he is going to discuss the Platform 3.0 narrative 
with? 

• Did you attend this meeting between Messrs. Vernal and Zuckerberg shortly 
after August 23, 2013? 

• Did any of the other Custodians attend this meeting between Messrs. Vernal and 
Zuckerberg shortly after August 23, 2013? 

• Can you confirm who attended this meeting between Messrs. Vernal and 
Zuckerberg shortly after August 23, 2013? 

• Does Mr. Vernal state that Facebook’s goal is to fix the parts of Platform that no 
longer make business sense? 

• Does Mr. Vernal state that developers need to understand and adapt to 
Facebook’s incentives and business model? 

• Does Mr. Vernal state that Facebook does not invest in APIs where there is no 
clear business model? 

• Does he imply that the Event, Group and Photos APIs are among that group of 
APIs for which there is no clear business model? 

• Does he imply that Facebook supports its Games and NEKO APIs on Facebook 
Platform because they make Facebook money? 

• Does he state that as part of the Platform 3.0 changes Facebook will deprecate 
“a majority of the API surface”? 

• What does “majority of API surface” mean? 

• Does “majority of API surface” mean “rarely used” API endpoints? 


Does it mean that many of the popular endpoints that developers are using the 
most and have built their businesses around will be removed? 




36_FB-00455361 - this is an August 2013 chat string between Vernal, Purdy and 
others discussing Platform Simplification. Mr. Purdy writes at the top of 73: [read first 
highlight on 73], 

• Who does Mr. Purdy imply rejected the principle where users could take their 
data to other apps? 

• Who is Javi? 

• What is Javier Olivan’s title and who does he report to? 

• What is the Growth team’s primary responsibility? 

• When Mr. Purdy says the “FB replacement game,” is he referring to a change in 
executive level management at Facebook? 

Mr. Purdy continues at the bottom of 73 and top of 74, writing that he made an attempt 
to bucket the different data permissions into five categories. 

• Are the names of the five categories: Kill, Facebook-only, Partner, Platform 
Core, and Platform Experimental? 

• Was the Experimental bucket also referred to as a Beta bucket and later on as 
an Extended bucket? [confirm those three terms are synonyms] 

• Who does Mr. Purdy say decides which APIs belong in the Kill bucket for the 
purpose of this exercise? [Vernal] 

• Who does Mr. Purdy reference preparing a slide for covering this recommended 
bucketing system? [Zuckerberg] 

• Did you attend the meeting in which Mr. Purdy presented a slide covering this 
information to Mr. Zuckerberg in August 2013? 

• Did any of the Custodians? [if she states that it is the same meeting mentioned 
earlier, ask: how do you know it’s the same meeting? Did you attend either 
meeting? Can you confirm that Messrs. Zuckerberg, Purdy and Vernal did not 
have multiple meetings in late August or early September 2013?] 

37_FB-00527170 - This is an August 2013 email string between Sukhar, Vernal, Purdy 
and others regarding Core and Beta APIs. At the bottom of 70, see that Mr. Purdy 
writes that he has attached a presentation around the API narrative “to include all the 
things we have talked to Mark about recently.” Is that Zuckerberg? [Could it be another 
Mark?] 



• Did you personally attend any of these meetings in August 2013 with Mr. 
Zuckerberg, Purdy, Vernal, Sukhar and others? 

Mr. Vernal then responds to a statement from Mr. Sukhar around pushing APIs from 
Beta to Core over time. [Read first highlight at top of 70 “I think the core.. .this 
problem”]. 

• Does Mr. Vernal suggest that Facebook has no intention of moving Beta APIs 
into Core APIs in the foreseeable future? 

Mr. Vernal then discusses having a Service Level Agreement for Beta APIs. [Read 
second highlight at top of 70], 

• Does Mr. Vernal state that what Facebook is doing today for some Graph API or 
other API endpoints is “just triaging bugs and having teams ignore them”? 

38_FB-00433779 - This is an August 2013 chat string between Vernal, Purdy Sukhar 
and various others. Sukhar writes: [Read first highlight on 81 “Just catching 
up...competitive apps”]. 

• Does Sukhar ask if Facebook can define its Core API without relying on 
competitive considerations? 

Purdy responds: [Read all the remaining highlights on 81 and top of 82 from Purdy 
“that is sharing...competitors overtime”]. 

• Does Purdy respond to Sukhar that the only Facebook Platform permission that 
is not competitive with Facebook is “sharing”? 

• Who does Purdy say hates that Facebook Platform even lets developers access 
a user’s profile picture? [Javi Olivan]. 

• And who does Mr. Olivan report to? [Zuckerberg] 

• Who does Purdy discuss a restricted level of access with? [Vernal] 

• Does Purdy say that if sharing was the only permission Facebook Platform 
allowed, then Facebook would “leak nothing,” meaning “no user data would be 
given to competitors”? 

• Who does Purdy say should weigh in? [Vernal and Zuckerberg] 


What does Purdy state he is under pressure to do on the fourth line of 82? 



• Who put Purdy under this pressure? [Zuckerberg, Olivan, Cox, Lessin, Vernal] 

• Who would you suspect put Purdy under this pressure? 

• Who had the authority to put Purdy under this pressure? 

• Who does Purdy report to? [Vernal] 

• Who does Vernal report to? [Zuckerberg] 


Sukhar then responds: [Read third highlight on 82 “Yeah, that makes sense...better 
than status quo”]. 

• What does Sukhar suggest they need a crisp story around? 

• Does Mr. Sukhar suggest that letting competitive apps know what they can 
access is better than the ambiguous situation competitive apps are in now? 

Vernal then lists different data permissions on the bottom of 82 and top of 83. 
Regarding competitors’ access to photos, Vernal writes: [Read highlight at top of 83]. 

• What is Vernal’s recommendation regarding photos? 

• By “kill all non-profile photos,” does he mean remove developer access via 
Graph API to all of those photos? 

• Is it fair to say that the people involved in this discussion are receiving guidance 
from Zuckerberg on the topics being discussed? 

• Is it fair to say that protecting against competitive threats is a key motivation for 
the people involved in this discussion when discussing the decision to restrict 
access to data? 

• And the data being discussed includes friends lists and friends photos? 

• And friends lists and friends photos is the data 643’s app depended on? 

• So is it fair to say that 643’s app broke on April 30, 2015 because of decisions 
made in 2012 and 2013 involving Zuckerberg which were designed to harm 
Facebook’s competitors? [no follow up] 



39_FB-00573558 - This is an August 2013 email from Purdy after the Zuckerberg 
meeting Vernal, Purdy, Sukhar and others had attended on August 27, 2013. The 
subject of the email is “PS12N Zuck review”. Purdy writes: [read all highlights on 58 
“any backchanneL.week by Friday], 

• Did you personally attend this meeting on August 27, 2013 with Mr. 
Zuckerberg? 

• Who does Purdy ask for backchannel feedback from Mr. Zuckerberg? [Vernal]. 
Why would Purdy ask Vernal for Zuckerberg’s feedback? 

• Who asked Purdy to get answers to Zuckerberg’s main questions? [Vernal] 

• What is a “rm API”? [If IDK, would Mr. Zuckerberg know the answer to that? 
Who would know the answer to that?] 

• Is one of Mr. Zuckerberg’s questions asking if a world class photo product 
needs an API? 

• Does Purdy characterize Mr. Zuckerberg as suggesting that if Facebook 
Platform already has a Photos API, then they are imposing a burden on the 
team? 

• What burden specifically? [If IDK, would Mr. Zuckerberg know the answer to 
that? Who would know the answer to that?] 

• Does Purdy state that they will have another meeting with Zuckerberg about 
this next week? 

• How frequently did Purdy, Vernal, and Sukhar meet with Zuckerberg regarding 
Platform 3.0, or Graph API 2.0, changes during the second half of 2013? 

40_FB-00061650 - This is an August 2013 email exchange involving Papamiltiadis, 
Cross, Archibong and Daniels. Archibong writes: [Read the bottom three highlights on 
53 from Archibong and the one on top of 54 “Simon, Konstantinos...with Zuck and 
others”]. 

• What does Archibong ask Cross and Papamiltiadis to put on slide 1 ? 

• Is a private API the same as a whitelisted API? 


What does Archibong ask Cross and Papamiltiadis to put on slide 2? 


How many developers were using private or whitelisted APIs at this time? 



• Who does Archibong state asked him to collect this information? [Chris Daniels], 

• Who does Archibong state Daniels wants to share the information with? 
[Zuckerberg], 

• Why does Zuckerberg want to see a list of all the partners with private API 
agreements? 

• Why does Zuckerberg want to see a list of all the developers impacted by 
Platform 3.0 changes like removing friends.get and non-app friends? 

• What are the two files attached to the bottom of Archibong’s email on 54? 

• What “thinking” does the second email exchange include? 

Mr. Daniels then replies to Cross and Papamiltiadis on 53: [Read top two highlights on 
53 “Can I ask...turn off access”]. 

• Does read_stream permit a developer to access or interact with a Facebook 
user’s Newsfeed? [If “no,” what does read_stream do?] 

• Was read_stream a widely used API by developers? 

• Does Mr. Daniels state that the two criteria they should use to determine 
whether to permit access to read_stream data is the value Facebook gets from 
that developer and whether Facebook would be damaged by removing access 
to read_stream for that developer? 

• What is Mr. Daniels’ default stance if a developer doesn’t provide “value” to 
Facebook and Facebook won’t be harmed by shutting off the developer’s 
access to data? [shut off access to data] 

• Do you think Mr. Daniels developed this stance on his own? 

• Do you think Mr. Daniels is following the orders of his superiors? 

• Who would have the authority to instruct Mr. Daniels to turn off access to data 
to developers that don’t meet one of these criteria but to keep access to data 
for developers who do? 

• What do you think Mr. Daniels means by “value” in these comments? [What are 
the possible things Mr. Daniels could mean by “value”?] 



43_FB-00555295 - This is an August 2013 email exchange between Koumouzelis, 
Purdy, Sukhar and others regarding which types of data to shut down as part of the 
Platform 3.0 changes. Koumouzelis writes: [Read highlight at top of 97 “Doug & 

Mike...strategic partners”]. 

• Does Koumouzelis state that Purdy and Vernal plan on restricting all feed data 
except to a “whitelist for strategic partners”? 

Mr. Himel then asks: [Read highlight on 96]. Koumouzelis responds: [Read highlight on 
95], 


• Does Koumouzelis state that developers who will be whitelisted are likely to be 
the ones with non-standard contracts or strategic relationships with Facebook? 


• Could a non-standard contract sometimes be a contract that gives a developer 
access to data that is not available in public Graph APIs? 


• Could a strategic relationship with Facebook sometimes involve a developer 
purchasing advertising sold by Facebook? 


• Does Koumouzelis’ answer to Himel’s question about how to determine which 
apps to whitelist refer to either user privacy or user trust as factors to consider? 


44_FB-00061365 - This is an August 2013 email string involving Lessin, Archibong, 
Chang and Papamiltiadis. Chang describes Platform 3.0 risk assessment tabs in a 
spreadsheet that organizes developers in different buckets: [read highlights at bottom 
of 69 from Chang “PR risk...closely on”]. 


• Does Ms. Chang describe a tab in her attached excel sheet listing developers 
that may cause negative press? 


• Does Ms. Chang describe a tab in her attached excel sheet listing developers 
that may provide strategic value to Facebook who use read_stream and friend 
data? 


• Does Ms. Chang suggest they should evaluate certain use cases of particular 
“strategic value” to Facebook? 

• Does Ms. Chang describe a tab in her attached excel sheet listing developers 
that are competitive or not useful to Facebook? 

• Does Ms. Chang state that it is good that Facebook is removing the developers 
in this competitive bucket? 



• Does Ms. Chang describe a tab in her attached excel sheet listing developers 
whose businesses Facebook would kill or disrupt in a major way? 

• Does Ms. Chang state that there are developers whose entire business is built 
on stream or friend data? 

• Does Ms. Chang state that these developers who would have their entire 
business killed should be part of a public relations flag? 

• Does Ms. Chang describe a tab in her attached excel sheet listing developers 
who were sold Facebook advertising and campaigns by a sales team who now 
have ongoing integrations that might be disrupted? 

Mr. Papamiltiadis then follows up on Ms. Chang’s note with an update: [Read second 
highlight on 67 “Simon managed...friends_permissions”]. 

• Does Papamiltiadis write here that more than 40,000 apps use the 
friends_permissions? 

• Does Papamiltiadis categorize the apps into games, in-house, strategic, comms, 
lifestyle, photosharing, astrology, media/music/books/fitness, and unknown? 

• What percentage of the apps are photo sharing apps? [7%] 

• Regarding photo sharing apps, does Papamiltiadis say that Facebook “removing 
full access to the friends list would require significant changes from these 
developers”? 

• What is the recommendation Papamiltiadis writes regarding photosharing apps? 
[REMOVE ACCESS], 

• When Papamiltiadis says “remove access,” does he mean that photosharing 
apps will not have access to the full friends list? 

Mr. Archibong then asks Papamiltiadis a question regarding lifestyle apps: [Read first 
highlight on 67], 

• What does an app typically do in order to be classified as a lifestyle app? 

• Does Archibong state that in order to determine which lifestyle applications can 
continue to access data that they need to determine the direction of the Identity 
team’s products? 



• Is it fair to say that the Identity team at this time managed one of the most 
important experiences on Facebook by building products that make Facebook a 
system of record for a person’s real identity online? 

• Who ran the identity team at this time? 

• Who are Sam and Matt? [Sam is Lessin. Matt is who? Is it reasonable to 
conclude that the “Sam” referred to here is Mr. Lessin? Could it be another Sam 
on the identity team?] 

• Why would Archibong on the Platform operations and policy team need to 
speak with Mr. Lessin in order to determine whether to permit developers to 
access certain kinds of data on Facebook Platform? 

• What was Lessin’s title at this time and who did he report to? 

• Would you consider Sam Lessin a confidant of Mr. Zuckerberg? 

• Do you think Facebook employees would consider Sam Lessin a confidant of 
Mr. Zuckerberg? [If “IDK,” if I asked other Facebook employees whether it is 
generally known that Lessin is a confidant of Zuckerberg, what would they say?] 

Mr. Archibong asks Mr. Lessin, who responds: [Read highlight on 66 “my gut is 
pretty...leak data”]. 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because of user privacy? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because of user trust? 

• Does Mr. Lessin state that Facebook should shut down access to friends data 
for lifestyle apps because they are ultimately competitive with Facebook? 

45_FB-00473314 - This is an August 2013 email between Vernal, Purdy, Daniels, 
Sukhar and others regarding a meeting with Zuckerberg on Platform 3.0 changes. 
Daniels writes: [Read second highlight entirely at bottom of 15 “I thought Mark’s 
questions...our Photos APIs”]. 




Who is Mark? [Zuckerberg] 



• Does Mr. Daniels write that, based on a meeting with Zuckerberg, it would be a 
good exercise to categorize the different APIs based on their “rationale” for 
getting rid of them? 

• Is one of the categories: APIs Facebook is eliminating for strategic reasons? 

• Is friends.get, the full friends list, one of the APIs Daniels states they are 
eliminating for strategic reasons? 

• When does Daniels say they should shut down these APIs they are eliminating 
for strategic reasons? 

• What do you think Daniels’ means by “strategic reasons”? 

• Is one of the categories: APIs Facebook is eliminating due to developer 
perception - that is, APIs that are not properly maintained? 

• Does Daniels write that these APIs should be shut down all at once and that it 
should be explained to developers that they are being shut down in part 
because they’re not used? 

• Is one of the categories: APIs Facebook is eliminating due to a lack of resources 
to support them? 

• Who does Mr. Daniels say gave feedback about this category? 

• Does Daniels say that Zuckerberg gave feedback that they should be careful 
about completely removing these APIs? 

• Does Daniels say that they need to be careful because many partners use these 
APIs and there are a bunch of contracts that involve these APIs? 

• Does Daniels mention that Apple’s use of the Photos APIs is one example in this 
category? 

• Did Apple have permissions to read or write data regarding Facebook photos 
after April 30, 2015 that was not available to all developers on Facebook 
Platform? 

• Did Apple have permissions to read or write data regarding Facebook photos 
before April 30, 2015 that was not available to all developers on Facebook 
Platform? 




• Does Daniels specifically describe a bucket of APIs they are eliminating in order 
to restore user trust or promote user privacy? 

• Did you hear this feedback Daniels describes firsthand from Mr. Zuckerberg on 
or around August 27, 2013? 

• To your knowledge, did any of the Custodians hear this feedback Daniels 
describes firsthand from Mr. Zuckerberg on or around August 27, 2013? 

Mr. Vernal then responds to Daniels: [Read bottom three highlights on 14 and top 
highlight on 15 from Vernal “I don’t think the exercise...business cost be?”]. 

• Does Mr. Vernal use the same phrase, “strategic reason,” that Mr. Daniels used 
in the passage we just read? 

• Does Mr. Vernal say that Facebook needs to have “some strategic rationale” to 
keep the Photos API? 

• Does Mr. Vernal use the phrases “user experience,” “user privacy” or “user 
trust” anywhere in this particular email when describing that strategic reason or 
strategic rationale? 

• Does Mr. Vernal say that the question they should be asking when considering 
to remove an API is what the business cost would be if they removed it? 

• Does Mr. Vernal say that the question they should be asking when considering 
to remove an API is whether that API damages user trust or user privacy? 

• Does Mr. Vernal say that they shouldn’t keep the Photos API just for “data 
portability” reasons? 

• Did any companies have permissions related to the Friends API or Photos API 
after April 30, 2015 that were not available to all developers who integrated with 
Facebook Platform? [If “IDK,” how would you find out? Is there a tool you could 
use to check? What capabilities would you look for? If “yes,” How many? Who? 
How many of these developers had contracts with Facebook to purchase 
advertising?] 

• Do any companies today have permissions related to the Friends API or Photos 
API that are not available to all developers who integrate with Facebook 
Platform? [If “IDK,” how would you find out? Is there a tool you could use to 
check? What capabilities would you look for? If “yes,” How many? Who? How 
many of these developers have contracts with Facebook to purchase 
advertising?] 



Daniels responds to Vernal: [Read top two highlights on 14 “My point isn’t...partner 
thrash”]. 

• Does Mr. Daniels state that it is his understanding after this August 27, 2013 
meeting with Mr. Zuckerberg that Facebook should be “ruthless” when shutting 
down APIs for strategic reasons? 

• Does Mr. Daniels state that he is glad to hear they won’t fully shut down the 
APIs but will keep them available for “limited partners”? 

• Does Mr. Daniels state he is glad to hear this to avoid “partner thrash”? 

• Does Mr. Daniels mean by “partner thrash” any negative repercussions or 
damage that would occur to Facebook’s partners? 

• Is it possible that a “Facebook partner” means a company that has a contract 
with Facebook in which the partner pays Facebook money? 

• Roughly how many Facebook “partners” have a contract with Facebook in 
which the partner pays Facebook money? [If “IDK,” well, what does it mean to 
be a Facebook partner? What is Facebook partnering on with these companies? 
Get her to say advertising campaigns is one of the things they partner on. Get 
her to admit that advertising campaigns involve money paid by the company to 
Facebook]. 

• Is it fair to say that Messrs. Vernal, Sukhar, Daniels, Purdy and the others on this 
email string are of the opinion following their meeting with Mr. Zuckerberg that 
Facebook will shut down public access to many of its APIs for strategic reasons 
but still keep them available to close Facebook partners? 


46_FB-00577598 -This is an October 2013 presentation entitled Platform 
Simplification. If you go to 637 you’ll see that permissions like non app friends, friends 
permissions and newsfeed are placed in a bucket of private APIs for partners who 
“need a contract” with Facebook. Do you see that? 


Now look at 644. This slide says that one of the changes to protect the graph is to 
deprecate read_stream. That permission relates to developer’s ability to interact with 


Facebook’s Newsfeed, right? It then says that deprecating read_stream is a “hi-pri 
directive from Mark”. Is that right? 


• Does this slide say that removing developer access to the read_stream 
permission is a high priority directive from Mr. Zuckerberg? [Is there another 
Mark who could give a high priority directive to remove developer access to one 
of Facebook’s most popular and valuable features?] 


















• Did you receive this high priority directive from Mr. Zuckerberg personally? 


• Did any of the Custodians receive this high priority directive from Mr. 
Zuckerberg personally? 

• Do you know who received this high priority directive from Mr. Zuckerberg 
personally? 


• Do you know when Mr. Zuckerberg gave this high priority directive? 

47_FB-00473462 - This is an August 2013 email from Koumouzelis with the subject 
“Platform 3.0”. Koumouzelis writes: [Read highlight on 63 “Unified Review...in 
actuality, privatized”]. 

• Does Koumouzelis write here that friends_* permissions are being privatized? 

• When Facebook announced Graph API 2.0 on April 30, 2014, in which the 
friendsj* permissions were removed from Graph API, did Facebook announce 
that these permissions were being “privatized”? 

• Did Facebook announce that these permissions were being “deprecated”? 

• Does “deprecate” imply that the permission either will no longer be supported or 
that it will be removed completely? 

• Does “privatize” imply that the permission will no longer be publicly available but 
instead will be available as part of a Private API accessible to a limited number 
of companies? 

• What do you think Koumouzelis means when he says “deprecated (in actuality, 
privatized)?” 

• Is a Private API one that can only be accessed by developers who sign a non¬ 
standard contract with Facebook, meaning a contract other than Facebook’s 
SRR? 

• Is Unified Review the requirement that all APIs and permissions a developer 
wants for its app will be reviewed and approved by Facebook? 

• Was Unified Review also known as or related to Login Review or Loginv4? 

• Is it fair to say that Unified Review is something that Facebook expected would 
increase user trust and privacy? 











• Could it have been possible for Facebook to have implemented Unified Review 
without deprecating or privatizing friends or photos permissions? [If “no” or 
“IDK,” well, Facebook could have required a unified review of all developer 
permissions in order to approve an app but still permitted a developer to access 
the full friends list after the review, no?] 

• So Unified Review and removing friends permissions aren’t necessarily related, 
meaning it is possible to have one without the other? 

• But Koumouzelis describes them together in this sentence I read, correct? 

Let’s go to 67 in this exhibit, Koumouzelis writes: [Read highlight on 67], 

• Does Koumouzelis state that all apps built by Platform developers will go 
through Unified Review? 

• Does Koumouzelis state that there are benefits to doing so? 

• Does Koumouzelis state that one of the benefits is that Facebook’s message to 
developers comes across as much more positive because Facebook is using 
permission review to improve user trust? 

• Is it fair to say that Koumouzelis is implying that by combining the discussion of 
Unified Review with the privatization of APIs that Facebook is delivering a more 
positive and defensible message to developers? 

48_FB-00513515 - This is an August 2013 chat string among various Facebook 
employees, including Vernal, Sukhar and Purdy. A Facebook engineer, Ling Bao, 
writes: [Read first two highlights on 22 “for non-goal...utility here?”]. 

• Does Mr. Bao imply that Facebook used to support the ability of users to take 
their data with them? 

• Does Mr. Bao imply that it is no longer a goal of Facebook’s to let people take 
their data with them? 

• When Mr. Bao refers to “login,” does he mean the tool Facebook offers to 
developers where they can login to a developer’s app using their Facebook 
username and password? 

• Does Mr. Bao imply that there is an idea going around that if your app is 
competitive with Facebook, that Facebook will no longer let you use Login? 



• Does Mr. Bao ask if there is a minimum level of functionality Facebook can 
guarantee it will provide to an app even if it is competitive? 

Purdy responds: [Read bottom 5 highlights on 22 from Purdy and all the highlights on 
23 “The meme is wrong...make a call here”]. 

• Does Mr. Purdy state that Mr. Bao is wrong because Facebook has never taken 
away Login from competitive apps? 

• Does Mr. Purdy state that Facebook has decided to take friends.get away from 
competitive apps? 

• Does Mr. Purdy suggest they consider creating another category of developers 
named “restricted”? 

• Does Mr. Purdy suggest adding WeChat to the restricted category? 

• Was WeChat a popular messaging app in Asia that offered products competitive 
with Facebook during this time? 

• Who does Mr. Purdy state is opposed to letting WeChat access the user profile 
photo permission on Facebook Platform? [Javier Olivan] 

• Who does Mr. Olivan report to? 

• Does Mr. Purdy suggest that they tackle now restricting WeChat’s access to 
data on Facebook that is available publicly to all other companies who integrate 
with Facebook Platform? 

• Who does Mr. Purdy state needs to make the call regarding whether to restrict 
WeChat’s access to data? [Vernal] 

• Who does Mr. Vernal report to? [Zuckerberg] 

• Did you personally discuss with Mr. Olivan his desire to restrict WeChat’s 
access to publicly available Facebook data around August 2013? 

• Did you personally discuss with Mr. Vernal his recommendation whether to 
restrict WeChat’s access to publicly available Facebook data around August 
2013? 

• To your knowledge did any of the Custodians personally discuss with Messrs. 
Olivan or Vernal whether to restrict WeChat’s access to publicly available 
Facebook data around August 2013? 




• Did Facebook restrict WeChat’s access to publicly available Facebook data 
around or anytime after August 2013? [If “IDK,” who would know the answer to 
that? Would Mr. Olivan? Mr. Vernal?] 


50_FB-00478902 - This is a September 2013 chat string with Vernal, Sukhar, Purdy 
and others regarding the Graph API 2.0 changes. Purdy writes: [Read all three 
highlights from Purdy on 02 “We can get time...given the opportunity”]. 

• Does Mr. Purdy state that they can meet with Zuckerberg that Friday, which was 
September 13, 2013, to discuss the timeline and API decisions regarding Graph 
API 2.0 or Platform 3.0 changes? 

• Does Purdy state that the next time they can meet with Zuckerberg to discuss 
this topic is September 24, 2013? 

• Does Purdy state that the last time they met with Zuckerberg to discuss this 
topic was two weeks ago? 

• Did you personally participate in any of these meetings on September 13 th , 24 th 
or two weeks prior to September 11 th ? 

• Do you know when these meetings were held? 

• Do you know who participated in these meetings? Who? [if “yes,” how do you 
know who participated?] 

Sukhar then responds: [Read first highlight from Sukhar on 03 “I feel like...rather than 
later”]. 


• Does Mr. Sukhar state that they might require Mr. Zuckerberg’s input on certain 
APIs? 

• Does Mr. Sukhar imply that it would be Mr. Zuckerberg’s decision regarding 
whether Facebook can commit to maintain a particular API for 2 years? 

• Does Mr. Sukhar state it would be better to meet with Mr. Zuckerberg sooner 
rather than later so they can finalize their plan? 

Vernal then responds: [Read second and third highlights from Vernal to bottom of page 
on 03 “Can summarize what...this stuff sooner”]. 

• Does Mr. Vernal ask Sukhar, Purdy and the others on this string to summarize 
what decisions they want Mr. Zuckerberg to make? 



• Does Mr. Vernal summarize the points they discussed in their last meeting with 
Mr. Zuckerberg? 

• Is one of the discussion points that Facebook’s commitment to a stable core of 
APIs will entail login, sharing and payments? 

• Does Mr. Vernal list here any other APIs that would be part of this stable core? 

• Is one of the discussion points that Facebook will fully deprecate photo and 
video APIs? 

• Is one of the discussion points that it will take until January 2014 to implement 
these Graph API 2.0 or Platform 3.0 changes? 

• Does Mr. Vernal state that Mr. Zuckerberg provided feedback on these 
discussion points? 

• Does Mr. Vernal state that Mr. Zuckerberg was “fine” with stable core being 
made up of only login, sharing and payments? 

• Does Mr. Vernal state that Mr. Zuckerberg wanted them to speak with other 
teams regarding deprecating the photo and video APIs? 

• Is it possible that Mr. Zuckerberg wanted Mr. Vernal to speak with other teams 
regarding photo and video APIs because Facebook has many partners with 
contracts whose advertising campaigns or other promotions with Facebook 
depend on these APIs? 

• Does Mr. Vernal state that Mr. Zuckerberg asked them to try to launch these 
Graph API 2.0 or Platform 3.0 changes sooner? 

• Is it possible that Mr. Zuckerberg wanted them to announce these changes 
sooner in order to more quickly eliminate competition? 

51_FB-00061221 - This is a September 2013 email exchange involving you, 
Papamiltiadis, Archibong and others with the subject “Proactive and Reactive removal 
of permissions”. Papamiltiadis writes: [Read full highlight on 22 “Unlike platform 
simplification...if significant enforce sooner”]. 




Papamiltiadis quotes text from Mike describing the rationale behind Platform 
3.0. Who is Mike? [Vernal] 



• Does the text Papamiltiadis quotes from Mr. Vernal describing the rationale for 
removing non-app friends and other Graph API permissions use the phrases 
“user privacy” or “user trust” when explaining that rationale? 

• Does Papamiltiadis state that the audit of apps he is doing at this time was 
triggered by apps in the identity space? 

• Is Mr. Lessin a member or leader of the identity team and did he trigger this 
review by Papamiltiadis? 

• Does Papamiltiadis state that apps that provide context, contacts and 
reputation overlap with Facebook’s own product roadmap? 

• Does he state that these apps access data from the graph without 
reciprocating? 

• Does he state that at least a few of them are competitive in nature? 

• What apps does Papamiltiadis list? [Refresh, sync.me, Tinder, Linkedln] 

• To your knowledge, were any of these apps ever on a whitelist or blacklist? 

• Does Papamiltiadis ask for help to uncover apps that might be potential 
competitive threats? 

• Does Papamiltiadis state that if the competition from the app is significant that 
Facebook might enforce sooner? 

• Sooner than what? [PS12n, Platform 3.0, Graph API 2.0] 

• So Papamiltiadis is saying that it is possible Facebook could restrict data 
access to these competitive threats before the Graph API 2.0 or Platform 3.0 
announcement? 

• So is it fair to say that when Papamiltiadis states that they could “kill two birds 
with one stone,” he means that rather than restricting data access on a case-by- 
case basis against competitive apps, Facebook could use Platform 3.0/Graph 
API 2.0 changes as a way of addressing these “potential competitive threats” all 
in one go? [If “no” or “IDK,” is there another interpretation of Papamiltiadis’ 
statement in that final paragraph?] 

Papamiltiadis follows up directly with Archibong later that day. [Read both highlights on 

21 ]. 




• Does Papamiltiadis state that you told him Facebook does not need to change 
its policies to remove, and I quote, “potential competitive threats”? 

• Does Papamiltiadis state that you mentioned you were putting pressure on Mr. 
Osofsky to enforce data restrictions sooner rather than later on an app that 
was violating data leakage policies? 

• What app does Papamiltiadis state you were referring to? 

• Who made that app and what does it do? 

• Did Facebook have a product during September 2013 that did the same thing 
as that app? [If “no,” was Facebook planning or considering a product that did 
the same or similar things to that app?] 

• What was Facebook’s data leakage policy in September 2013? 

• Flow was this app violating Facebook’s data leakage policy? 

• Who does Papamiltiadis state he needs to review this proposal as he is the 
customer for the audit? [Mr. Lessin] 

52_FB-00061233 - This is a September 2013 email exchange between Papamiltiadis 
and Archibong regarding the audit of competitive apps. Papamiltiadis writes: [Read 
highlights on 36], 

• Does Papamiltiadis state that he is pulling together data points for a meeting 
with Mr. Lessin? 

• Does Papamiltiadis state that Refresh is an app with 80% of its lifetime users 
retained as monthly active users? 

• Who made the Refresh app and what does it do? 

• Does Papamiltiadis state that the Refresh app is not spammy or crap but an app 
that users like and use a lot? 

Archibong then writes back to Papamiltiadis after the meeting with Mr. Lessin. [Read 
second, third and fourth highlights at bottom of 35 “Great job...taking any action”]. 

• Does Archibong reference a meeting with Mr. Lessin on or around September 
17, 2013? 

• Did you personally participate in this meeting? 



• Does Archibong ask Papamiltiadis to update his recommendation on how 
Facebook Platform will treat context, contact, reputation and productivity apps 
when they submit for review based on Mr. Lessin’s product roadmap? 

• Does Archibong ask Papamiltiadis to consider restricting data access to certain 
apps faster based on Mr. Lessin’s input? 

• What app does Archibong state is an example of an app that based on Mr. 
Lessin’s input, they should potentially restrict data access to sooner? 

• Is it fair to say that Papamiltiadis’ recommendations are being guided by Mr. 
Lessin? 

• Is it fair to say that Mr. Lessin is requesting that Facebook Platform restrict data 
access to apps that are competitive with existing or future products he may be 
building for Facebook? 

Papamiltiadis then follows up a week later with Daniels and Archibong, attaching a plan 
he created based on his meeting with Mr. Lessin. Papamiltiadis writes: [read first 
highlight on 35] “Communicate this plan...act independently”]. 

• Who does Papamiltiadis state he is going to ask about the timing of restricting 
data access? [Vernal and Lessin] 

• What are the two options around timing that Papamiltiadis references Mr. Vernal 
and Mr. Lessin will decide on? 

• So is it fair to say that Papamiltiadis thinks Mr. Vernal and Mr. Lessin are 
responsible for the decision to shut down competitive applications immediately 
or to wait until Graph API 2.0 launches? 

Mr. Daniels responds to Papamiltiadis’ question around timing: [Read all highlights on 
34 “The prevailing opinion...platform access”]. 

• Does Mr. Daniels’ state that Mr. Vernal and Mr. Osofsky are under the 
impression or of the opinion that Facebook will wait to restrict data access to 
these competitors in conjunction “with Platform 3,” also known as Graph API 
2 . 0 ? 

• Did you personally participate in discussions with Messrs. Daniels, Vernal and 
Osofsky in which any of them communicated this to you? 

• To Mr. Daniels, what does the timing of restricting data access depend on? [the 
level of competitive threat] 



• According to Mr. Daniels, if the level of the competitive threat is very high, 
should Facebook restrict access to data sooner or later? 

• Does Mr. Daniels state here that the timing of restricting data access depends 
on how much the app harms user trust or user privacy? 

• What does Mr. Daniels mean when he writes “forcing spend for access to 
permissions”? [If “IDK,” could he mean that developers would need to purchase 
advertisements from Facebook or otherwise pay Facebook in exchange for 
accessing data that at the time was publicly available on Facebook Platform?] 

• Does Mr. Daniels state his opinion that Facebook should separate advertising 
purchases by developers using Facebook’s NEKO advertising product from 
whether those developers receive access to Platform data? 

• Are you aware of any other discussions in which Facebook employees 
discussed whether to force developers to buy advertising from Facebook if they 
wanted to continue to access Facebook’s data? [If “yes,” did you participate in 
any of these discussions? What companies? When? Who made the decision? 
What amount of payment over what time? What data was exchanged? Etc etc] 

• Are you aware of any instances in which Facebook gave certain companies 
access to data that was not available to all companies on Facebook Platform in 
exchange for the company making advertising or other payments to Facebook? 

53_FB-00061249 - this is an email exchange between Papamiltiadis and Archibong 
describing feedback they received from Mr. Lessin. [Note at the top of 52 they write 
that Mr. Lessin did not go for option A.] 

Archibong writes: [Read highlight at bottom of 51 from Archibong “I think we 
should...to protect our strategic goals”]. 

Papamiltiadis then responds with his key points based on Mr. Lessin’s feedback: [Read 
top highlights on 51 “Find out what...affected is significant”]. 

• Does Papamiltiadis state that he is going to figure out how much these apps 
like Refresh spend on advertising on Facebook’s NEKO advertising product? 

• Does Papamiltiadis state that under this plan data access will be restricted in 
one-go to apps that don’t spend money with Facebook? 

• Does “in one go” mean when the Platform 3.0 or Graph API 2.0 changes are 
announced? [If “No” or “IDK,” was there another time where data was restricted 
all at once that Papamiltiadis might be referring to?] 



• Does Papamiltiadis state that under this plan apps must pay Facebook 
$250,000 per year in NEKO advertising purchases in order to maintain access 
to the data being restricted under Platform 3.0/Graph API 2.0? 

• Does Papamiltiadis state that they will reject or approve future app submissions 
based on the $250,000 spending requirement in the future? 

• How many apps in the list of 40,000 apps Papamiltiadis prepared would have 
the ability to pay $250,000 per year to Facebook for advertising? [IDK] 

• Is it possible that a majority of those 40,000 apps would not have the financial 
wherewithal to pay a quarter of a million dollars each year to Facebook? 
[Some?] 

• Did you personally participate in the meeting with Papamiltiadis and Lessin in 
which these “key points” were discussed? 

• At any time, did you become aware of the “key points” in this email? 

You’ll see on this same page 51 that Papamiltiadis tells Archibong he is going to speak 
with you the next morning at 11am. 

• Did that meeting occur? 

• Did Papamiltiadis mention any of these “key points” to you at the time? 

• What was Papamiltiadis’ reaction or mood upon receiving these instructions 
from Lessin? [happy, sad, surprised, angry, etc] 

54_FB-00061393 - This is a September 2013 email exchange in which Archibong, 
Daniels, Cross and others discuss a comment written by a Facebook engineer, David 
Poll. Poll writes: [Read full highlights on bottom of 94 and all of 95 “I was thinking 
about...along with the bad?”] 

• Does Mr. Poll state that two apps that are a key part of how he uses his phone 
every day will be “irrevocably broken” because Facebook is removing 
“friend_list”? 

• Does Mr. Poll state that his fundamental problem is that, as a smartphone user, 
his friend list is his information and that Facebook shutting down his access to it 
comes across as Facebook intruding upon his control over his own information? 



• Does Mr. Poll state that as a smartphone user, Facebook’s restriction of data 
access to developers will have a “significant negative impact” on his day to day 
smartphone experience? 

• Does Mr. Poll suggest that Facebook find an alternative way to address any 
abuse on Platform that avoids shutting down entire classes of good apps? 

You see Mr. Rose forwards the message to others and asks if Facebook would 
whitelist these apps to address Mr. Poll’s concern. Is that correct? 

Mr. Archibong responds with a suggestion. [Read fourth highlight at bottom of 93 “One 
suggestion...into that conversation”]. 

• Does Archibong suggest categorizing the apps David Poll is concerned about as 
“contact” apps as a potential solution to avoid breaking them? 

• Does Archibong say that an app Poll is concerned about is similar to another 
app called Xobni? 

• Who makes Xobni and what does it do? [Yahoo purchased in 2013, smart 
address book app on phone] 

• Who does Archibong state wanted to shut off Xobni? [Does Archibong state that 
Mr. Zuckerberg wanted to switch off Xobni? Is there another Mark that 
Archibong could be referring to? If “yes,” get details on Mark] 

• Does Archibong state that product, meaning the product team, wanted to shut 
off Xobni? 

• Was Mr. Cox still the Chief Product Officer who oversaw the product team at 
Facebook in September 2013? 

• Did you have any discussions with Mr. Zuckerberg or Mr. Cox directly in 
September 2013 regarding shutting off data access to Xobni? 

• Did any of the Custodians to your knowledge discuss with Mr. Zuckerberg or 
Mr. Cox directly in September 2013 shutting off data access to Xobni? 

• Who is the other POV that Archibong wants to weigh in? [“Sam” is Lessin] 

• Does Mr. Archibong state that he wants to check with Mr. Lessin to see if these 
‘contact’ apps are in “strategic conflict” with Mr. Lessin’s products? 


Aaron Bernstein responds to Archibong: [Read first three highlights on 93], 




What product team was Mr. Bernstein on at this time and who did he report to? 

Does Mr. Bernstein state that he started a cross-functional team to explore 
building a contacts app with Mr. Lessin and Mr. Olivan? 

Does Mr. Bernstein state that Mr. Olivan was interested in Facebook having a 
contacts app because it would give Facebook an advantage in the messaging 
app market? 

Does Mr. Bernstein imply that Mr. Olivan’s belief is that if people use a 
Facebook contacts app, they will be more likely to use Facebook when they 
message others, since they will need to find those other people first in 
Facebook’s contacts app? [If “IDK,” would that be a reasonable interpretation of 
how Mr. Bernstein characterizes Mr. Olivan’s view?] 

Does Mr. Bernstein state that they should keep access to the friends data pretty 
tied down? 

Does Mr. Bernstein state that one reason to keep friends data very restricted is 
that it is a challenge to monitor companies to determine if they become 
competitors to Facebook? 

Does Mr. Bernstein imply that they should just restrict data access to all 
contacts apps because they can’t tell in advance which will become 
competitors? 

Would Mr. Bernstein have the authority to make and implement this decision on 
his own? 

Who would Mr. Bernstein receive the authority from to do that? 

When Mr. Bernstein states “if Xobni is not ok, what is?” is he implying that if Mr. 
Zuckerberg, Mr. Lessin and Mr. Olivan consider Xobni to be a competitor, then 
virtually all apps would be considered competitors? [If “No” or “IDK,” what is 
another reasonable interpretation of what Mr. Bernstein means by that 
statement?] 

Did you have any discussions with Mr. Lessin or Mr. Olivan directly in 
September 2013 regarding shutting off data access to Xobni? 

Are you aware that Xobni was a San Francisco startup that Bill Gates once 
described as “the next generation of social networking”? 



• Are you aware that Xobni was purchased by Yahoo around the time these 
discussions were occurring? 

• Was Xobni ever whitelisted or blacklisted for any private Facebook APIs? [If 
“yes,” when? For what? Who decided? Etc.; if “idk” or “no,” who would know? 
Would Mr. Zuckerberg know? Mr. Lessin? Olivan? Cox?] 

55_FB-00061437 - This is a September 2013 email exchange between Cross, 
Papamiltiadis and others with the subject “P3.0 Rollout Planning”. 

• You’ll see at the top of 37 Cross describes “capabilities,” “Gks,” and “Sitevars”. 
What is the one-sentence definition of each of those terms? 

• You’ll see that Papamiltiadis refers in the email right below on 37 to the “Talent 
tool”. What is the Talent tool? 

• Did Facebook employees use the Talent tool to grant capabilities to certain 
developers that gave them access to Facebook data that may not have been 
available to all developers? 

• How many different tools did Facebook have to administer whitelists and during 
what years was each tool used? 

On the top of 38, you see Cross writes an email regarding their immediate tasks. Cross 
writes: [Read full highlight on 38 “What we need to do...provide more context)”]. 

• Does Cross state that they need to create two lists: one that includes all of their 
whitelisted permissions and one that includes all the companies they consider 
threats? 

• Does Cross state that they will then determine for each whitelisted permission 
and each app whether the app can keep access or not, or if they need to 
escalate the decision to a superior? 

• Does Cross state that for developers who keep access, they either need to 
verify an existing Extended API Agreement or enter into a new Extended API 
agreement with them? 

• Does Cross use the phrase “user privacy” or “user trust” when describing this 
task regarding which types of data to remove from which developers? 


See on 39, Papamiltiadis emails Cross comments on a presentation Cross prepared. 
Her writes regarding Slide 5: [Read highlight on 39 “Removing access. ..NEKO 
adoption”]. 



• What does NEKO stand for? 

• Does “NEKO adoption” mean increased purchases, and therefore revenues, for 
Facebook’s mobile newsfeed advertising product, aka NEKO? [yes] 

• Does Papamiltiadis suggest that Facebook’s decision to privatize access to the 
full friends list is an “indirect” way to increase the revenues or customers of 
Facebook’s advertising business? [If “no” or “IDK,” is there another reasonable 
interpretation of his statement?] 

56_FB-00043884 - Is this a Private Extended API Addendum dated January 29, 2015? 

Please turn to 85, bottom of Section 4. Does it say that the Private Extended APIs “will 
be deemed to be a part of the Platform and the Platform Policies, respectively, for 
purposes of the Agreement”? 

On the next page, 86, does Exhibit A define Private Extended APIs as a set of APIs and 
services provided by FB to Developer that enables Developer to retrieve data or 
functionality relating to Facebook that is not generally available under Platform”? 

Roughly, order of magnitude, how many executed agreements like this one did 
Facebook have in 2012? 2013? 2014? 2015? 2016? Today? 

60_FB-00460895 - This is a September 2013 email exchange between Sukhar, Purdy 
and others with the subject “PS12N meeting with Javi”. Purdy writes: [Read third 
highlight at bottom of 96 “I know there has...on mteam”]. 

• Does Purdy state that it is important to get feedback from Mr. Olivan because 
Mr. Olivan is one of the executives most concerned about Facebook leaking its 
data to other companies? [If “IDK,” is there another executive on the 
management team named Javi besides Mr. Olivan?] 

• Who is the other executive Purdy mentions is a vocal critic of graph leakage? 
[Lessin] 

Sukhar responds immediately above Purdy on 96 that he would prefer to just ask Mr. 
Olivan what he dislikes about Platform and which parts he considers leakage. Is that 
correct? 

Federov then responds: [Read top highlight on 96 “I think Javi...shut platform down 
©”]. 


• Does Federov state that Mr. Olivan will care about developers accessing friend 
lists and friend data permissions? 



• Does Federov state that Mr. Olivan would like to see Facebook Platform shut 
down? 

• Does Federov imply that Mr. Olivan, as a member of Facebook’s executive 
management team, will recommend to these employees to restrict developer 
access to app friends, certain user info, and friend data permissions? 

• Does Federov imply that if Mr. Olivan had his way entirely that Facebook would 
be an entirely closed application where Facebook users could not permit other 
companies to access any of the data Facebook maintained on their behalf? 

• Did you participate in the meeting in which the presentation being prepared in 
this email string was presented to Mr. Olivan? 

• How many meetings did you participate in with Mr. Olivan directly where he 
shared his thoughts and impressions regarding developer access to Platform 
data? [If any, when? Who else attended these meetings?] 

• Did Mr. Olivan direct any aspect of Facebook’s decision to restrict data from 
over 40,000 apps on April 30, 2015? 

61 _FB-00493943 - This is a September 2013 chat string between Mr. O’Neil and Mr. 
Vishwanath. O’Neil writes at the top of 43: [Read first four highlights at top of 43 
“We’ve been saying...picture}”]. 

• Does Mr. O’Neil tell Mr. Vishwanath that he wants to confirm the model for 
developers accessing non-app friends with him before speaking with Mr. Olivan 
that day? 

• Does O’Neil state that he believes according to the model that all developers 
can access friends who haven’t downloaded the app? 

Mr. Vishwanath responds: [read fifth highlight on 43 “in this model...than a 
permission”]. Does Mr. Vishwanath tell him that under the model getting the full friends 
list would be a capability that Facebook enables rather than a permission available to 
all developers? 

O’Neil responds: [Read sixth highlight at very bottom of 43 “Ok - so some...could 
access id”]. 

• Does O’Neil respond to Mr. Vishwanath that because it is a capability and not a 
permission that some whitelisted apps would be able to access the Facebook 
IDs of friends? 



• Does O’Neil state that the whitelisted apps would presumably be ones that had 
contracts with Facebook? 

• What kinds of contracts with Facebook would whitelisted apps have? 

• Is it possible these contracts would involve payments from the developer to 
Facebook? 

Mr. Vishwanath then writes at the top of 44 that he would like to get answers around 
whether this model is necessary and sufficient from Mr. Olivan. Is that correct? 

• Does Mr. Vishwanath imply that his activities in determining how to implement 
the removal of friend data from developers are being directed by Mr. Olivan? [Is 
there another reasonable interpretation of his statement?] 

62_FB-00427400 - This is an October 2013 email discussion between Jackie Chang 
and other Facebook employees regarding the Royal Bank of Canada (RBC). A 
Facebook employee working on the partnership with RBC emails Chang on the bottom 
of 05 regarding Platform 3.0 changes affecting the RBC app. Is that correct? 

Mr. Monga writes: [Read second highlight at bottom of 05 and top of 06 “Without the 
ability...manage the transition”]. 

• Does Monga state that there would be dire consequences if the RBC app could 
not access non-app friends? 

• Does Monga state that RBC has made a big financial commitment to Facebook 
as part of this project? 

• Does Monga state he is anxious about the change and hoping Facebook can 
help? 

If you look immediately above on 05 Ms. Chang responds with questions, including: 
[Read top highlight on 05 “did they sign...How much?”]. 

• Does Chang refer to an Extended API Agreement that gives RBC whitelist 
access to this data? 

• Does Chang asked if someone gave Monga approval for whitelist access and 
reference a link for the Platform Whitelist Approval group? 

• Does Chang ask if RBC is paying Facebook specifically for this integration? 



• Does Chang ask how much RBC is paying Facebook specifically for this 
integration? 

If you look at the bottom of 04, Monga replies: [Read second highlight on 04 at bottom 
“There is budget...ever run in Canada”]. 

• Does Monga confirm that RBC is making payments to Facebook for advertising 
using Facebook’s Custom Audiences feature of its NEKO advertising product? 

• Does Monga state that it will be one of the biggest campaigns ever run using 
Facebook’s NEKO advertising product? 

If you go to the bottom of 02 you see that Ms. Chang adds Mr. Cross to the email 
string to respond specifically to Monga and writes: [Read fourth highlight at bottom of 
02 “Developers are allowed...is fully prepared”]. 

• Does Ms. Chang ask that no Facebook employees discuss Platform 
Simplification, or Platform 3.0, with any partners? 

• Until when do Facebook employees need to wait to notify partners their apps 
will be breaking? [until messaging is fully prepared] 

Mr. Cross then responds immediately above on 02: [Read first three highlights on 02 
“Do we have...post ps12n”]. 

• Does Mr. Cross ask if Facebook has a contract with RBC that covers their use 
of a private API? 

• Does Mr. Cross state that if RBC is accessing this friends data from a private 
API, their app won’t be affected by the changes to Platform 3.0? 

• Does Mr. Cross instruct the others to make sure RBC has a contract so they 
won’t be affected by PS12n, or Platform Simplification? 

If you look at the top of 01 you’ll see that a Facebook employee Bryan Hurren then 
responds to Cross: [Read highlight at top of 01 “From a legal perspective...being too 
explicit”]. 

• What is Mr. Hurren’s role and who does he report to? 

• Does Mr. Hurren say that RBC needs an “Extended API agreement” that would 
permit RBC to continue to access friends data that would be no longer available 
to all developers? 



• What other company does Mr. Hurren say Facebook entered into an Extended 
API agreement with? 

• Do you know how much Netflix spent on advertising with Facebook in 2013 and 
2014? 

• Why does Mr. Hurren say that the agreement will give RBC the friends data 
“without being too explicit”? 

• What would be a reason not to be explicit when giving RBC the friends data? 

• Was RBC ever whitelisted to access friends? How would you find out? Who 
would know? 

• Did RBC have this whitelisted access to friends data after April 30, 2015? How 
would you find out? Who would know? 

63_FB-00433628 - This is an October 2013 chat string between Sukhar and O’Neil. 
Sukhar writes: [Read all highlights on 28 and 29 at once “I just spoke to KP...not for 
deprecations”]. 

• Does Mr. Sukhar state that Papamiltiadis is angry about the Platform 3.0 
changes because Facebook will alienate the developer community and give 
special access to all of Facebook’s friends? 

• Does Sukhar state that Papamiltiadis’ view is “fundamentally correct”? 

• Does Sukhar state that Facebook is eroding the value of Facebook Platform for 
reasons that are not clear? 

• How long have you and Papamiltiadis worked at Facebook together? And 
around this time did you two interact professionally? 

• Did Papamiltiadis ever share these frustrations directly with you? When? What 
did he say? Papamiltiadis never once mentioned his frustration to you? 

• What do you think Sukhar means by “incentive alignment”? Do you recall 
participating in any email conversations where that term was discussed? 

• Does Sukhar state that Facebook’s decision to announce separate Core and 
Beta (also known as Experimental or Extended) APIs is only because Facebook 
is removing access to data like the full friends list and permissions? [Is there 
another reasonable interpretation of Sukhar’s statement?] 



66_FB-00576265 - This is an October 2013 chat string between Sukhar, O’Neil and 
others. Sukhar writes on 65: [Read top two highlights on 65 “I have spent...of the use 
cases”]. 


• Does Sukhar state that the feedback from Facebook employees he met on his 
trip about Platform Simplification was “universally negative”? 

• Does he state that the reason is because they haven’t clearly communicated 
why they are removing access to data? 

You see at the bottom of that same page 65, O’Neil sends Sukhar a presentation he 
gave as a test run about the Platform 3.0 changes and says it was well received. Is that 
correct? 

You see at the top of 66 Sukhar writes in reaction to the presentation: [Read first and 
second highlights on 66 “Interesting that...have heard before”]. 

• Does Mr. Sukhar state that his view had been that Platform 3.0 data restrictions 
like removing friends data were a way to protect Facebook against competition 
from WhatsApp or apps like WhatsApp? 

• At this time in October 2013, did Facebook compete with WhatsApp? 

• Did Facebook purchase WhatsApp in February 2014 for $19.3 billion? 

• Was Facebook’s purchase of WhatsApp its largest acquisition ever? 

• At any time prior to Facebook’s purchase of WhatsApp, did Facebook to your 
knowledge whitelist or blacklist WhatsApp to any Facebook APIs, capabilities or 
permissions? [Who would know? Would Zuckerberg know? Olivan? Lessin? 
Vernal?] 

• Is it fair to say that Mr. Sukhar was under the impression at this time that 
Platform 3.0 changes were being made at least in part for competitive reasons? 

• Does Mr. Sukhar state that O’Neil’s presentation pitches the Platform 3.0 
changes as a way to protect Facebook’s advertising platform? 

• Does Mr. Sukhar state that positioning Platform 3.0 as a way to protect 
Facebook’s advertising revenues is easier to defend but that it’s not a line of 
reasoning he had heard before? 

If you look down 66 you’ll see that Purdy requests the presentation Sukhar and O’Neil 
had been discussing. Fie asks if it includes the model they discussed last week? O’Neil 



responds a few messages below on 66: [Read bottom highlight on 66 “Doug: 
yes...discussed last week”]. 

• Does O’Neil tell Purdy that the presentation explaining their reasoning for 
restricting data access under Platform 3.0 includes the aligned / competitive 
model they discussed last week? 

If you go to the top of 68, O’Neil mentions the following: [Read top highlight on 68 “I’ve 
had...all the data”]. 

Purdy then responds below on that page: [Read second and third highlights on 68 “I 
don’t think...on user data”]. 

• Does O’Neil state that he’s received questions from Facebook employees 
regarding why Facebook is now protecting its data? 

• Does Purdy state that they are not going to reopen their philosophy on user 
data? 

• Is it reasonable to conclude that Purdy believes that Facebook’s philosophy on 
user data is that users cannot port much of the data they share on Facebook to 
other applications? 

• Based on this string, is it reasonable to conclude that Purdy is saying the 
decision whether a user can share a certain piece of her data with another 
developer is up to Facebook and depends on whether that other developer 
competes with Facebook? 

67_FB-00499966 - This is a December 2013 chat string between O’Neil and Amir 
Naor, a Facebook employee. Can you take a moment to read the string to yourself. 

• Mr. O’Neil wishes Naor a happy birthday and mentions that removing friends 
birthday data is going to be “especially bad for birthday notifiers”. Naor agrees 
and says that it will also be bad for dating apps. O’Neil then says the dating 
apps will be interesting and that Lulu will be hit hard but Tinder will be fine. Is 
that correct? 

• Does a dating app let a user see a photo and other information about people, 
typically people somehow connected to them, and determine if they’d like to go 
on a date with them? 

• Were Lulu and Tinder popular dating apps? 

• Why does Mr. O’Neil state that Lulu will be harmed but Tinder won’t be? 



• So Mr. O’Neil’s statement has nothing to do with the fact that Tinder will get 
special access to private APIs so it can continue to function after Graph API 2.0 
is released while Lulu will not have the same special access Tinder will have? 

68_FB-00047134 - This is a January 2015 email from O’Neil to Papamiltiadis regarding 
Tinder. You see at the bottom of 39 Sean Rad, who was the founder and CEO of 
Tinder, writes to Papamiltiadis that Tinder’s access to the graph isn’t working and they 
had no idea. He then asks what they can do. Do you see that? 

• Is Tinder generally considered to be a competent company with responsible 
professionals managing it? 

• Did Facebook announce Graph API 2.0 on April 30, 2014? 

• Does the CEO of Tinder write in January 2015 that he had no idea about 
Facebook’s Graph API 2.0 changes and that they would affect Tinder’s dating 
app? 

Do you see on that same page, 39, Rad then tells Papamiltiadis that they need a way 
to get the full list of friends for a particular user. Do you see that? 

Also, if you go to the bottom of 37, you can see that Jonathan Badeen, who was the 
VP of Product at Tinder, writes the following: [Read highlight at bottom of 37], 

• Does Mr. Badeen say that one of the biggest reasons people use Tinder is 
because seeing their friends gives them accountability, safety and trust that 
makes them comfortable using the app? 

• Does Mr. Badeen say that accessing the full friends list is the “single most 
important factor” in Tinder’s decision to use Facebook’s login tools and not 
other developers? 

You’ll see at the bottom of 34 that Cross then asks O’Neil if he is ok whitelisting Tinder 
for the full friends list until after Facebook has relased its mutual friends API to Tinder. 
Is that right? And you see that O’Neil responds right above on 34 that he is ok with this 
and it’s better than them starting an email thread with Mark. Is that right? 

• Does O’Neil authorize Tinder accessing the full friends list as a private API for 
some period of time? 

• Does O’Neil imply that one reason for giving Tinder whitelist access is to avoid 
them emailing Mr. Zuckerberg about it? [What other Mark would they email?] 




Was Tinder in fact whitelisted for the full friends list for a period of time? 



• What is the mutual friends API? 

• Did Tinder ever use the mutual friends API? 

• Was the mutual friends API available to any developer throughout 2015 as part 
of the Facebook Platform’s public APIs? [If “no,” so a developer did not need to 
have a special agreement with Facebook in order to access the mutual friends 
API?] 

• Was Tinder’s whitelisted access to the full friends list or access to the mutual 
friends API granted by Facebook because it felt Tinder was or would be 
providing substantial financial payments or other financial consideration to 
Facebook? [If “no,” then why did Facebook grant Tinder this access?] 

69_FB-00044220 - This is a March 2015 email involving Sean Rad and Sam Yagan of 
Tinder and Papamiltiadis. If you look at the very bottom of 27 you see that Rad 
introduces Yagan and Papamiltiadis to discuss Tinder’s “Moments” trademark. Is that 
correct? 

And then Papamiltiadis asks Yagan at the top of 27 when it would be convenient to 
discuss how they can reach a “mutually beneficial agreement” regarding the 
trademark. 

And then if you go to the bottom of 25 Papamiltiadis tells Yagan that Facebook wants 
Tinder to assign all rights in the Moments trademark to Facebook, listing the US 
Trademark Serial No. Is that correct? 

And you can see at the bottom of 24 that Yagan asks Papamiltiadis what product they 
intend to launch under the Moments trademark and about any compensation Tinder 
will receive. Is that correct? 

And then on the top of 24 Papamiltiadis responds: [Read first and second highlights on 
24 “The new app is related...in the new API world”]. 

• Does Papamiltiadis say that Facebook wants the Moments trademark for Tinder 
in order to launch a Facebook photo sharing app that lets friends see each 
other’s photos? 

• Did Facebook launch its Moments photo sharing app? Around when did 
Facebook launch Moments? 

• As part of Papamiltiadis’ answer to Yagan’s compensation question, does 
Papamiltiadis state that Facebook developed two new APIs that allowed 
Tinder’s app to continue to work in the “new API world”? 



• By “new API world,” does Papamiltiadis mean after the Platform 3.0/Graph API 
2.0/Login v4 changes? [What else could Papamiltiadis mean by the new API 
world?] 

• What are the names of the two new APIs Tinder could access that ensured its 
app would not break? 

• Do you know if these APIs were at all times public APIs that all developers could 
access? 

• Was there ever a time that a developer could not access data from one of these 
two APIs unless the developer was whitelisted by Facebook? 

• Is it fair to say that Papamiltiadis is mentioning private API access to Tinder as a 
form of compensation that should be considered as part of Tinder’s decision to 
license Facebook a trademark it could use for a photo sharing application? 

70_FB-00434425 - This is a January 2014 email string among Sukhar, Vernal and 
others with the subject “slides for mark”. You can see at the bottom of 30 O’Neil 
attaches a file “Login v4 Review with Mark” and then writes that the slides for Mark are 
attached. Is that correct? 

Sukhar then states at the bottom of 29: [Read highlights at bottom of 29 and top of 30 
“Yeah, I think these are....exception for iOS Login?”]. 

• Does Sukhar state that he is going to ask Mr. Zuckerberg the questions I just 
read? [Is there another Mark he could have asked that would make sense in this 
context?] 

• Is one of the questions whether Mr. Zuckerberg is comfortable killing the 
prospects of a lot of startups with these changes that took effect on April 30, 
2015? 

• Is another question whether Mr. Zuckerberg believes Facebook can guarantee 
its Login feature to any app regardless of how competitive it may be? 

• Is another question whether Mr. Zuckerberg believes Facebook is willing to 
make these changes that took effect on April 30, 2015 with a huge exception for 
apps built on Canvas? 

• Is another question whether Mr. Zuckerberg believes Facebook is willing to 
make these changes that took effect on April 30, 2015 with a huge exception for 
Apple’s mobile operating system iOS? 



• Do you know if Sukhar asked Zuckerberg these questions in late January or 
February 2014? Did you hear firsthand Sukhar ask Zuckerberg these questions 
around this time? 

• Do you know if any of the Custodians heard firsthand Sukhar ask these 
questions to Zuckerberg around this time? 

• Do you know what Zuckerberg’s response to these questions was? 

If you jump up to 27, you can see Sukhar states one of his concerns that motivated 
these questions: [Read highlight on 27 “My concern...workaround on iOS”]. 

• Does Sukhar state that his concern in asking at least some of these questions to 
Mr. Zuckerberg is that Facebook may be perceived as not being able to hold its 
story together? 

• Does Sukhar refer to the user trust message as the story that Facebook may be 
perceived not holding up to scrutiny? 

• Does Sukhar state that Apple’s mobile operating system has an easy and 
obvious workaround to some of these changes allegedly made in the interest of 
user trust? 

• Does Sukhar imply that these huge exceptions might undermine Facebook’s 
user trust message? 

71 _FB-00528042 - This is a January 2014 email from Facebook employee George Lee 
to various Facebook employees. Lee writes: [Read first large highlight at top of 42 “We 
sold developers...the last 2 years”]. 

• Does OG mean Open Graph? 

• Is implicit OG or implicit sharing a way for developers to integrate with 
Facebook’s Newsfeed in a way that helps them grow their apps? 

• Does Lee state that Facebook told developers that one of the best things they 
can do to grow their apps is optimize their use of “implicit OG”? 

• Does Lee state that developers have invested a lot of time to establish that 
traffic on Facebook? 

• Does Lee state that taking away implicit OG nullifies all the work developers 
have done over the past two years to integrate OG? 



• When Lee writes that Facebook “sold developers a bill of good,” is it fair to say 
that he means Facebook made representations to developers that caused them 
to invest time or money in building apps that use “implicit OG”? 

Mr. Lee continues: [Read second and third highlights on 42 “The more I think...canvas 
ecosystem”]. 

• Does Mr. Lee state that removing developers’ ability to use implicit sharing 
reverses a storyline that Facebook has been pushing to developers for two 
years? 

• By “pushing,” is it fair to say that Lee means Facebook is representing that 
storyline as Facebook’s official position in public and private conversations with 
developers and the public? 

• Does Lee state that the damage to Facebook’s Canvas product could be 
“irreparably” harmed if this change is implemented for all Canvas applications? 

• Does Lee state that he and others have expressed concerns in the past and that 
this transition could be “very very painful”? 

72_FB-00528137 - This is an email between O’Neil and others with the subject “open 
issues: user_friends and naf”. 

If you go to 38, you see that O’Neil writes that they have a review coming up on 
January 24, 2014 with Mike and on January 27, 2014 with Mark. Is Mr. O’Neil referring 
to Mr. Vernal and Mr. Zuckerberg? [Who else could Mr. O’Neil be referring to? Are 
those two the most likely people O’Neil could be referring to?] 

And then if you jump to the middle of 37 O’Neil writes: [Read highlight on 37], 

• Is NAF non-app friends, meaning a user’s friends who aren’t also using the app? 
[If “no” or “IDK,” point to “non-app friends” at top of email], 

• Non-app friends is a permission Facebook removed when it made Graph API 
2.0 mandatory on April 30, 2015, correct? 

• Does O’Neil state here that the proposal they are preparing for the meetings 
with Vernal and Zuckerberg is that an app can access non-app friends if 
Facebook approves that access after these changes go into effect? [What else 
could O’Neil mean by this statement then?] 

• Did you participate in either the January 24 meeting with Vernal or the January 
27 meeting with Zuckerberg? 



• Do you know what feedback Mr. Zuckerberg gave in the January 27 meeting? 

• Do you know if any of the Custodians attended the meeting? [How do you know 
O’Neil attended the meeting? So you suspect or assume O’Neil attended the 
meeting? Did O’Neil ever share his feedback with you from Zuckerberg?] 

• Did any of the other Custodians to your knowledge attend this meeting? 

73_FB-00556670 - This is a January 2014 email string between Purdy, Sukhar and 
others with the subject “Login v4 + PS12N +f8”. If you go to 71, you’ll see that Purdy 
writes: [Read first highlight “1. We are building...their real online identity”]. 

• Login v4 and unified review are the changes Facebook announced on April 30, 
2014 related to an app seeking permissions to access Facebook data when 
people use their Facebook username and password to login to the app? 

• Login v4 required that Facebook review more permissions to access data than 
Facebook previously required, correct? 

• Is this what Purdy means when he says that these changes are good for people 
and give people control, meaning Facebook offers a safer and more transparent 
experience with users because of these Login v4 changes? 

• Is this the same basic idea as or at least related to the user privacy and control 
messages that Facebook has publicly stated were its reasons for the changes 
announced on April 30, 2014? [admit they are related] 

Purdy then writes: [Read second highlight on 71 “The above user trust...pushback if 
you disagree”]. 

• When Purdy refers to the “user model changes,” is he referring to Login v4? 
[Well he is referring to one of the three products he mentions, Login, PS12N and 
Unified Review. Which is it?] 

• When Purdy refers to the “developer changes,” is he referring to Platform 
Simplification in which access to data like the friends list and friends 
permissions is being removed? 

• Does Purdy write that the user trust message I just read a few moments ago 
“only really hangs together” if Facebook communicates these two major 
changes at the same time, or in one fell swoop? 

• Does Purdy say these two changes need to ship together? 



• Does this mean that it is technically possible for Facebook to implement the 
Login v4 changes without the PS12n changes, or vice versa? 

• Is it fair to say that Purdy’s view is that Facebook needs to announce Login v4 
and PS12N together in order for the user trust message to be coherent? 

You’ll see at the bottom of 70 Purdy mentions reviewing the material discussed in this 
email with Mark on January 27, 2014 - see bullet 2 at the very bottom. Is that right? 
You see right above that in bullet 5, Purdy states they are going to recommend to Mike 
and Mark to postpone F8 until the fall. Is that correct? 

• Is Mike Mr. Vernal? [Is it likely Purdy is referring to another Mike here?] 

• Is Mark Mr. Zuckerberg? [Is it likely Purdy is referring to another Mark here?] 

• Did you participate in this meeting on January 27, 2014 with Mr. Zuckerberg 
concerning the timing of Login v4, PS12N, and F8? [No] 

• Did you have any meetings with Mr. Zuckerberg in January 2014 other than 
company-wide meetings in which he expressed his thoughts regarding the 
timing of Login v4, PS12N, and F8? 

• Did Facebook announce the Login v4 and PS12N changes at F8 on April 30, 
2014? 

• So Facebook presumably got the benefits of the user trust message because, 
according to Purdy, it announced these two changes in one fell swoop? 

• But Facebook did not end up taking Purdy’s recommendation of pushing F8 
back to the fall? 

• Do you know who rejected Purdy’s recommendation and made the final 
decision to hold F8 on April 30, 2014? 

• Who would have the authority to make a decision like that? Would Zuckerberg? 
Would anyone else? [If she gives any names, ask if that person would need to 
get Mr. Zuckerberg’s approval for the date of F8], 

• Did you make the decision to hold F8 in late April 2014? 


Is Jonny Thaw on this email string? 




• Was Jonny Thaw at this time Mr. Zuckerberg’s executive communications 
assistant, meaning he works directly for Mr. Zuckerberg on communications 
matters? 

74_FB-00058030 - This is a February 2014 chat string between Sukhar, Papamiltiadis 
and others. You see at the bottom of 30, Sukhar writes: [read all highlights on 30 “After 
discussing...reasonable compromise”]. 

• With whom does Sukhar state they discussed making user trust a core theme of 
F8? [Zuckerberg] 

• Did you participate directly in these discussions between Sukhar and 
Zuckerberg regarding making user trust a core theme at f8? 

• Do you know who the “we” is that Sukhar says helped to land on that decision 
with him and Zuckerberg? 

• Does Mr. Sukhar imply that Mr. Zuckerberg participated in the decision on how 
and when to announce the removal of friends permissions and other Platform 
3.0 changes? 

• Are you aware of any Custodians who would be included in the discussions 
Sukhar references when he says “we landed”? 

• When Sukhar writes they agreed to roll things out simultaneously, is he referring 
to Login v4 and Platform 3.0 changes like deprecating the friends permissions? 

• Does Mr. Sukhar state that Mr. Zuckerberg is best positioned to announce 
Facebook putting power back in the hands of the people? 

• Does Mr. Sukhar state that Mr. Zuckerberg will not be enumerating specific 
permissions that Facebook is removing during his announcement? 

• Does Mr. Sukhar state that Mr. Zuckerberg will focus his announcement on the 
new Login, also known as Login v4? 

• Does Mr. Sukhar state that this decision on the announcement is not ideal but a 
reasonable compromise? 

• So Sukhar, Zuckerberg and others decided on implementing Platform 3.0 
simultaneously with Login v4? 

• And they decided to only tell the public and developers about the Login v4 
changes and not the Platform 3.0 changes in Mr. Zuckerberg’s announcement? 




• Do you know if Mr. Zuckerberg was involved in drafting the announcement he 
delivered on stage at F8 on April 30, 2014? 

• Were you involved in drafting the announcement he delivered on stage at F8 on 
April 30, 2014? 

• Have you ever reviewed prior drafts of this announcement from around March 
and April 2014? 


75_FB-00188603 -This is an April 10, 2014 email string involving Jonny Thaw and 
others with the subject “F8 narrative/script”. If you look at the bottom of 03, Thaw 
writes that Mark wrote his f8 script yesterday. Is that Mr. Zuckerberg? So Mr. 
Zuckerberg wrote a draft of his F8 script on April 9, 2014? 

You see at the top of that page there is a draft of the script and comments in 
parentheses, like in the middle of 03 where it says “(I’ll think of a closing story to end 
here....” Is that a draft of Zuckerberg’s April 30, 2014 announcement? 

• So presumably it is Mr. Zuckerberg who wrote that and will think of a closing 
story to end the announcement? 

• Did Mr. Zuckerberg explicitly mention that Facebook is removing access to the 
full friends list, the friends permissions, or the read_stream API? 

• So Mr. Zuckerberg personally drafted the April 30, 2014 announcement around 
Platform 3.0 changes and did not mention the specific data to which developer 
access was being revoked? 

76_FB-00562432 - This is an April 29, 2014 email from Zuckerberg to Thaw, which is 
then forwarded to Sukhar, Vernal and others. You see that Zuckerberg writes at the top 
of 32 that there were no real change to the script since last night. 

• Is it fair to say based on the April 9 draft we just reviewed and this current draft 
on April 29 that Mr. Zuckerberg personally worked on his F8 announcement 
throughout the April 2014 timeframe? 

If you jump to the top of 37, you’ll see that this version of the draft makes reference to 
sharing friends data when Zuckerberg writes: [Read two highlights at top of 37 “In the 
past...data themselves”]. 

• Do you know if Zuckerberg made this statement on stage in his April 30, 2014 
announcement? 



Do you know if Zuckerberg modified this draft between April 29, 2014 and the 
announcement the next day? 

Does Zuckerberg state here that in the past a user could share their friends’ 
data with an app without the friend being able to prevent it? 

Is it fair to say that “in the past” would include the time period roughly spanning 
the prior year, say 2013 to early 2014? 

Did a user of Facebook in 2013 or 2014 have the ability to prevent his friends 
from approving an app to access his information? 

Could the user decide which apps and which data they would let their friends 
share with apps? 

Was there a box a user could check on the Facebook website to prevent or 
deny apps from accessing specific types of data even if the user hadn’t 
downloaded the app? 

Was the feature “Apps Others Use” the privacy section where a Facebook user 
could determine what data they let their friends access on other applications? 

So if we were friends on Facebook in 2013 or 2014, I would be able to let you 
see my photos on Facebook but to prevent you from seeing them on 643’s app? 

But if we were friends on Facebook in say, 2016, I would not be able to let you 
see the photos I uploaded to Facebook on 643’s app? On any other app? On 
Facebook? 

Is it fair to say that in 2013 and 2014 there were many applications that offered 
alternative ways for me to interact with the photos my friends uploaded to 
Facebook? [more than 100? more than a few dozen, etc.] 

Is it fair to say that as of April 30, 2015, Facebook was among a small number of 
companies that could let me interact with the photos my friends uploaded to 
Facebook? [Is it fair to say that the number of companies who could let me do 
this dropped significantly between April 29, 2015 and May 1,2015?] 

Under the current Graph API 2.0 system, do I have control over my friends list 
and the data my friends allow me to see about them? 

Can I choose to access my full friends list through applications other than 
Facebook as long as my friends say it’s ok? 



• Can I choose to let my friends access information about me, like my photos, on 
applications other than Facebook or apps whitelisted by Facebook? 

• Who chooses whether an app other than Facebook can access this information 
about me? 

• Does Facebook make this choice? 

• Did Zuckerberg announce on stage the new Login Review at F8 on April 30, 
2014? 

• Did Zuckerberg announce on stage that the full friends list and friends_* 
permissions were being privatized? 

• Did Zuckerberg announce on stage that the full friends list and friends_* 
permissions were being deprecated? 

• Did Zuckerberg specifically mention on stage the friends list, friends 
permissions, read_stream API, or any other popular APIs Facebook was 
removing at F8 on April 30, 2014? 

81_FB-00411863 - This is an April 2014 email exchange between O’Neil, Rose and 
others with the subject “F8 changes impact on canvas revenue”. In the middle of 64, 
Mr. Rose writes: [Read both highlights on 64 “If we determine...not let that happen”]. 

• Is it fair to say that many (some?) Canvas apps are games people can play on 
Facebook built by another developer? 

• Does Mr. Rose raise the issue that because Facebook gets a 30% revenue 
share on Canvas apps that removing data access to these apps might lower 
Facebook’s revenues from these games or Canvas apps? 

• Does Rose state they should consider whether to treat Canvas apps differently 
from all other apps? 

• Who does Rose state will decide if the revenue hit to canvas is worth making the 
data access changes to Platform? [Zuckerberg] 

• Who does Rose state needs to “explicitly approve” whether Facebook makes an 
exception for Canvas apps? [Is “Mark,” Zuckerberg? Is there another Mark with 
the authority at Facebook to make this decision?] 

• Who else do they need to ask according to Rose? Who is Ebes? What was 
Ebes’ title during this time and to whom did Ebes’ report? 



• Did you participate directly in any discussions with Mr. Rose and Mr. 
Zuckerberg during April 2014 regarding whether and how to exclude Canvas 
apps or Canvas games from the Platform 3.0 changes? 

• Did Facebook in fact create exceptions for Canvas apps and games that 
permitted them to maintain parity after Login v4 and Graph API 2.0 went into 
effect on April 30, 2015? 

• Did Facebook build private APIs only available to developers categorized as 
Canvas games or apps in order to replace the APIs being removed from Graph 
API? [What APIs?] 

• Were you concerned that this exception for a significant number of apps might 
undermine Facebook’s narrative that it was making these changes in order to 
improve user trust, privacy and control? [Was anyone you worked with 
concerned? Who?] 

• Do you think that these Canvas apps or games are less likely to create user 
trust, privacy or control issues compared to other apps? [Why is that?] 


82_FB-00433725 - This is a May 2014 chat string among O’Neil, Koumouzelis and two 
Facebook employees, Amir Naor and Sean Kinsey. At the top of 25, Naor writes: [Read 
top highlight on 25 “I disagree...the games ecosystem”]. 

Kinsey then responds: [Read second highlight on 25 “Amir, the inconsistency...regular 
apps to do”]. 


• Do Mr. Naor and Mr. Kinsey both state that Facebook has different rules for 
different developers or holds developers to different standards? 

• Does Mr. Kinsey express amazement that no one has called Facebook out for 
this conduct? 

• Does Mr. Kinsey state that Facebook permits games to do things that regular 
apps can’t do? 

If you go to the bottom of 25, you’ll see that O’Neil replies “I see the inconsistency, we 
just decided that it was worth it.” Do you see that? 




Why do you suspect Mr. O’Neil thinks it is worth having this inconsistent 
treatment of developers? 



And then if you jump down to 28, Kinsey follows up that: [Read highlight on 28 “It’s 
ironic that...building that trust ©”. 

• Does Kinsey imply that user trust is more important in scenarios where money 
or payments are involved? 

• Can Facebook Canvas games sometimes involve payments or money? 

• What does Kinsey say is ironic to him here? 

• Does Kinsey imply that this exception undermines or calls into question 
Facebook’s public narrative that it is making Platform 3.0 and Login v4 changes 
to build user trust? 

83_FB-00597229 - This is a November 2014 email string discussing Flipboard, a 
developer app, between O’Neil, Papamiltiadis, Archibong and others. If you look at the 
bottom of 32 and top of 33, you see that Eric Feng, the Flipboard CTO, writes that 
Flipboard did not receive read_stream and friend list permissions when Facebook 
reviewed its app. Is that correct? 

Papamiltiadis then responds on 32 with reasons for continuing to let Flipboard access 
read_stream permissions. His third reason at the middle of 32 is: [Read first highlight 
on 32 “3/ Good partnership...baked into their apps”]. 

• Does Papamiltiadis state that prior to or during October 2014 Facebook had in 
some cases declined read_stream access to other developers? 

• Does Papamiltiadis imply that Facebook had not officially notified developers 
that it was restricting read_stream access and so they are surprised by getting 
declined to access it? 

• Does Papamiltiadis state that read_stream access was a well baked feature in 
their apps? 

• From January to October 2014 was read_stream a permission that Facebook 
publicly stated developers could access on Platform? 

O’Neil then responds on the bottom of 31 that Facebook should approve Flipboard 
through whatever timeframe makes sense for the relationship. Is that correct? 

He then writes later in the string at the top of 30 that Flipboard is a very unique case. 
Do you see that? 

• Who does O’Neil say was supposed to be involved in determining Flipboard’s 
access to data around F8? [Cox] 



Is that Chris Cox, Facebook’s Chief Product Officer? [Is there another Cox? etc] 


• Did you directly participate in discussions with Cox in 2014 regarding 
Flipboard’s access to Platform data? 

If you look at the paragraph above from O’Neil on 30 he writes: [Read second highlight 
on 30 “Agree with KP on...don’t have that news yet”]. 

• Does O’Neil state that Flipboard doesn’t know Facebook is planning to 
announce the Platform 3.0 and Login v4 changes? 

• So if Facebook permits Flipboard to access the permissions, Facebook doesn’t 
have to tell Flipboard now about the coming changes? 

• Does O’Neil agree with Papamiltiadis that Flipboard should be granted an 
exception to access read_stream because of optics? 

• Does Cross in the next email at the very top of 30 say that he supports giving 
Flipboard access for “optics sake”? 

• Were Cross and O’Neil aware that Cox wanted to be involved in decisions 
around Flipboard’s access to data when making this decision? 

• Did Cox tell them to give Flipboard access? Who would know that? [Cox?] 

• Did Flipboard have access to any of the capabilities Facebook could enable in 
its whitelist tools anytime in 2014? [If so, which?] 

• Did Flipboard have access to any data that was not available to Flipboard’s 
competitors anytime in 2014? [If so, which competitors were disadvantaged 
relative to Flipboard?] 

84_FB-00577500 - This is a November 2014 email from an Akamai employee to Cross. 
You’ll see in the second line at the top of 02 the Akamai employee, Shlomi Gian, writes 
that Akamai’s video app was rejected from read_stream access. Is that correct? 

And then see on the bottom of 00 and top of 01 Mr. Gian clarifies that Akamai’s app 
was designed to work similarly to Flipboard and then writes: [Read top highlight on 01 
“Does Flipboard...same level of access”]. 

• Did Facebook give Akamai access to read_stream after this request in 
November 2014? [No] 



• Does this email string indicate that Facebook will give or has given Akamai this 
access? [No] 

• From November 2014 to April 2015 did Flipboard have access to read_stream? 
[remind her we just confirmed that in the prior exhibit] 

• So Flipboard and Akamai have competitive apps and in late 2014 and early 2015 
Flipboard can access data that Akamai could not? 


85_FB-00598434 - This is a December 2014 email exchange between Archibong and 
Papamiltiadis discussing Path. If you look at the top of 36 you’ll see that Archibong 
met with Dave Morin, the founder of Path, and Morin was going to reach out to Mark to 
get a sense of how he views Path these days. Is that correct? 

Archibong then describes ways Path and Facebook might work together at the bottom 
of 36. He writes: [Read bottom highlights on 36 “Depending on how...this claim is or 
not”]. 

• Does Mr. Archibong consider Path as a customer for an advertising product, 
Audience Network? 

• Does he state that whether Facebook tries to get Path as a customer for this 
advertising product depends on how Mr. Zuckerberg feels about Path? 

• Does Archibong state that Morin thinks two of his competitors in Asia can 
access platform data that Path can’t? 

• Does Archibong ask that they look into Morin’s claim? 

You’ll see a screenshot in the middle of 35 from Facebook’s capabilities tool. The 
screenshot displays Line’s Facebook ID, an email contact for Line, how many active 
users Line has, and which capabilities and app groups Line is subscribed to. Is that 
correct? 


• So Facebook has an email address for Line stored in a database for an internal 
website? 

• Do many companies with access to private APIs have a page like Line’s in 
Facebook’s capabilities tool? 

• So Facebook stores in a database an email address for each developer with 
access to Private APIs, accepting that some email address fields may be blank 
or inaccurate? 



If you look at the top of 34, you’ll see Papamiltiadis has the results of the investigation 
Archibong requested. He writes that Path is blacklisted for photos and status. Line is 
blacklisted for the friends list, read_stream, photo, photo album and other permissions. 
Is that correct? 

• Does Papamiltiadis then state that the Facebook employee who blacklisted Line 
from receiving the friends list wrote that it was done as a preventative measure? 

• A preventative measure against what? A privacy violation? 

• Did Facebook ever pre-enforce data restrictions against developers because it 
suspected the developer might at some point in the future violate a user’s 
privacy? 

• Could the preventative measure be that Line is a messaging app that could 
compete with Facebook Messenger? 

• Does Papamiltiadis then state that Facebook has imposed more restrictions on 
Line than it does on Path? 

• Is it reasonable to think based on this discussion that Mr. Zuckerberg might 
have been involved in any future decisions regarding any data permissions or 
advertising contracts Facebook entered into with Path? 

• Did you participate in any discussions Mr. Zuckerberg held with Mr. Morin 
regarding data permissions or advertising contracts? 

• Do you know if any of the Custodians participated in any discussions Mr. 
Zuckerberg held with Mr. Morin regarding data permissions or advertising 
contracts? 

86_FB-00046059 - This is a January 2015 email string with the subject “Dropbox- 
Messenger integration”. On 66, Mr. Olivan introduces Drew Houston, Dropbox’s CEO, 
to a Facebook employee, David Marcus, and writes: [Read highlight on 66 “We all 
have...cool happen”]. 

• Does Mr. Olivan ask Mr. Marcus to work with Dropbox’s CEO on striking a deal 
between the two companies that involves Facebook’s Messenger app? 

• Did you participate in any discussions with Mr. Olivan regarding Dropbox’s 
negotiations with Facebook in February 2015? 

If you look at the bottom of 63, Papamiltiadis writes: {Read both highlights at bottom of 
63 “Ime can probably...when we decline”]. 



• Does Papamiltiadis state that Dropbox has requested whitelist access to the Full 
Friends list multiple times in the prior weeks? 

• Does Papamiltiadis state that if Facebook gives Dropbox access to the full 
friends list other developers might feel alienated when Facebook refuses to give 
them access too? 

• Did Dropbox at any time have access to capabilities or APIs that were not 
available to all developers through public Platform APIs? 

• Who would know the answer to that? Would Mr. Olivan know? 

87_FB-00045735 - This is a February 2015 email involving a Netflix employee, John 
Midgley, and Facebook employees with the subject “Graph API 2.0 Migration”. If you 
look at the middle of 36, bullet 1, Mr. Midgley writes: [Read highlight on 36 “Since 
we...connected friends”]. 

57_FB-00431352 - This is a November 2013 chat string regarding a task Cross created 
in which you are included. [Read highlight at bottom of 52 “With PS12N, their own 
sitevars”]. 

• Does Mr. Cross state that after Platform Simplification, Facebook will have many 
more private APIs than it does today? 

• Does the fact that many more private APIs are being created have anything to 
do with using the Talent tool to grant capabilities instead of the GKs or sitevars? 

• Why is Facebook now using the Talent tool to grant whitelisted data access as 
opposed to these other tools? 

• What is the Hendrix tool or Hendrix test apps and what was it used for? 

58_FB-00461116 - If you jump down to 25, this is a November 2013 email from Cross. 
When describing “Capability Cleanup,” he writes: [Read highlight on 25 “Goal...pairs”]. 

• Does Cross state that as of this date in November 2013, Facebook offers 315 
whitelisted capabilities to 5,200 different whitelisted apps? 

If you go to 24 in that same email from Cross, he writes in bullet la: [Read all three 
highlights on 24 “la: pre-approve...whitelist and why”]. 

• Is Cross discussing a process for determining which developers would access 
permissions that were public under Graph API but would now be private under 
Graph API 2.0? 



• Does Cross state that a key challenge will be to develop defensible criteria for 
who Facebook whitelists? 

• In this discussion of criteria for whitelisting in this email string, can you point to 
any Facebook employee using the word “privacy” or “trust”? 

• Do the words “privacy” or “trust” appear anywhere in this email string as things 
to consider when determining which developers to whitelist? 

59_FB-00521468 - This is a November 2013 email from Ms. Chang to the partnerships 
team. On the middle of 73, she writes: [Read highlight on 73 “API 
Privatization.. .extension/exemption”]. 

• Does Ms. Chang state that under Platform Simplification 54 public APIs will be 
privatized? 

• If I asked you to name these privatized APIs, would you be able to name a 
handful of them? A dozen of them? 

• Based on your knowledge of these privatized APIs, would you say they were 
rarely used by Platform developers? 

• Does Chang state that her team is working on a first draft of a plan to determine 
which top tier apps would get an extension or an exemption to continue to 
access these private APIs? 

• Did Facebook at times categorize the developers who accessed Platform based 
on Tier 0, Tier 1, Tier 2 and Tier 3 designations? 

• Is it fair to say that Tier 0 and 1 apps are those built by close partners of 
Facebook? 

• Is it fair to say that 643’s app was a Tier 3 app? 

• February 2015 is about two months before Graph API 2.0 became mandatory 
and access to the full friends list was removed from Facebook Platform. Is that 
correct? 

• Is Mr. Midgley stating that after April 30, 2015, Netflix will still have access to the 
full friends list? 

• Did Netflix in fact have access to the full friends list after April 30, 2015? 



• Was Netflix’s ability to access the full friends list or other APIs not available to all 
developers governed by a Private API agreement or similar contract? 

• Do you know if that Private API agreement was produced as part of this 
litigation? 

64_FB-00523178 - This is an October 2013 email exchange between George Lee and 
a number of Facebook employees with the subject “Invites & PS12N”. Lee writes in the 
middle of 80: [Read highlights on 80 “Key concern...reach non-app friends”]. 

• Does Mr. Lee state that the key concern is user privacy and user trust when 
proposing as a solution that Facebook remove all non-app friends? 

• Does Mr. Lee state that the key concern when proposing as a solution that 
Facebook remove all non-app friends is that Facebook needs to stop leaking its 
graph to platform developers? 

You see on 78 that Sukhar and others discuss building an API they call the “lookup 
API” that might let developers still grow their app without leaking the graph. Do you 
see they discuss a lookup API? 

Sukhar asks towards the top of 78 “Would growth actually be ok with this?” Do you 
see that? 

• Who does Sukhar mean by growth? 

• Is Mr. Olivan the executive in charge of the growth team? [If IDK, what is his 
title?] 

• Did you participate directly in any discussions with Mr. Olivan regarding this 
“lookup API” around October 2013? 

You see at the top of 78 Lee responds: [Read top two highlights on 78 “At the end of 
the day...trust in some way”]. 

• Does Lee state that Facebook’s efforts related to removing the friend data and 
developing alternative APIs might be creating a situation that actually damages 
user trust? 

• Does Lee suggest that Facebook can look the other way on this? 

• Why was Facebook considering building the lookup API as an alternative way 
for certain apps to access friend data after friend data had been restricted to 
developers? [If IDK, you have no idea what building the lookup API would 
solve?] 



88_FB-00567905 - This is a December 2013 task with the subject “PS12n Whitelist 
Pre-Approval - Enumerate the new Capabilities to be added to support the PS12n 
deprecations”. You’ll see at the bottom of 05 the task is described as follows: [Read 
highlight at bottom of 05 “PS12n will introduce...features”]. 

• Does this task description state that Facebook will create new capabilities in its 
whitelist tools to allow apps to continue using data that was removed from 
Platform on April 30, 2015? 

• Simon Cross created this task, right? 

• When Cross says “allow apps,” does he mean all apps? 

• Is the goal of this task to build APIs that let certain companies whitelisted by 
Facebook access data that from 2012 to 2014 was generally available to any 
company that abided by Facebook’s policies? 

89_FB-00545978 - This is a January 2014 email string with the subject “OG feedback 
from games devs”. You see on 80 a Facebook employee shares feedback from game 
developers. For instance, in the middle of 80, a game maker writes that OG is the most 
important viral channel besides request and that they’ve been optimizing their games 
for this. And then at the bottom of the note another developer writes that he hopes 
Facebook can imagine how big OG actions are for them. Do you see that? Is that 
correct? 

If you then look at 78, there is an email from George Lee to Greg Marra where Lee asks 
if is still the plan to kill action links from platform feed stories? Do you see that? 

And then Marra responds that they would like to kill action links and it is brought up 
frequently during executive reviews. Is that correct? 

Then Purdy asks Marra in his second bullet right above that on 78 if Cox, Mark or 
others are giving that feedback. Is that correct? 

• Is it fair to say that posting action links in a user’s newsfeed was a popular way 
for an app to grow its users based on the feedback? 

• Does Marra state that the plan is to remove the ability for developers to use 
these action links in newsfeed to grow their apps? 

• Does Marra imply that this decision is in line with the thinking of Facebook 
executives? 



• Does Purdy ask Marra if Chris Cox, Mark Zuckerberg or another Facebook 
executive is driving the decision to remove developers’ ability to post action 
links in newsfeed? 

• Did you participate directly in discussions with Cox, Zuckerberg and others in 
January 2014 regarding Facebook’s decision to remove action links in 
newsfeed? 

• Do you know if any of the custodians participated in these meetings? 

• Can you confirm the presence of any attendees in these meetings with Cox and 
Zuckerberg? 

29_FB-00241059 - This is an April 2013 presentation titled “Tough Platform 
Questions”. [Read highlights on 60], Does this say that Facebook users can choose 
which specific types of data and which specific apps can access their data? [yes] 

31 _FB-00485786 - This is a June 2013 email string between Purdy, Vernal, O’Neil and 
others discussing data collected on platform developer Net Promoter Scores, noting 
that NPS has dipped slightly to -13. A Facebook employee writes: [read highlights on 
88 ], 

• Who are Eddie and Shyam going to review the developer satisfaction scores 
with? 

• Did you participate in this meeting with Eddie, Shyam, and Zuckerberg 
discussing developer satisfaction in June 2014? 

35_FB-00477024 - This is an August 2013 chat string between O’Neil and 
Koumouzelis. Mr. O’Neil writes: [read first and second highlights on 24 “I think 
getting...Netflix to understand”]. 

• What does Mr. O’Neil mean when he states that losing access to the full friends 
list and friends_*permissions is going to be like withdrawing from meth? 

• Why will it be hard for Netflix to understand? 

• In August 2013, was Netflix accessing data from Facebook that was not 
generally available to all developers? 

• After April 30, 2015, did Netflix access data from Facebook that was not 
generally available to all developers? 



• Does Netflix today access data from Facebook that is not generally available to 
all developers? 

Koumouzelis responds: [read third and fourth highlights on 24], 

• What is Mr. Koumouzelis’ title and who does he report to? 

• Does Mr. Koumouzelis refer to special APIs? What is a special API? 

• Does Mr. Koumouzelis imply that you need to be on a whitelist to access special 
APIs? 

• Does Mr. Koumouzelis state that after removing friends.get it will be known that 
some developers have access to special APIs? 

• Does Mr. Koumouzelis imply that as of August 14, 2013 at least some 
developers don’t know that other developers have access to special APIs? 

Mr. O’Neil responds: [read fifth highlight]. 

• Does Mr. O’Neil state that some apps will still be able to access friends because 
they are whitelisted? 

• Does Mr. O’Neil imply that the user trust message is diluted when Facebook 
gives special access to data to certain developers but not others? 

Koumouzelis responds: [read sixth and seventh highlights at bottom of 24 and first four 

highlights on 25 “yeah - I think we need to finesse...approval from product], 

• Does Mr. Koumouzelis agree that the messaging needs to be finessed? 

• Does Mr. Koumouzelis imply that a key motivation for these Platform 3.0 
changes and in particular the friends permission changes is to protect Facebook 
from competition? 

• Does Mr. Koumouzelis describe a process where approval for developers to 
access certain data might be reviewed by a member of the Facebook product 
team directly? 

• Was it typical from 2010 up to this time for a Facebook product team member to 
directly participate in decisions regarding a developer’s app being allowed on 
Facebook? 



• Have you encountered any situations in which a Facebook product team 
member influenced which apps or features the policy and operations team 
permitted on Facebook Platform and which would be rejected? [If “no,” then 
say: the entire time you’ve been a Facebook employee, you’ve never been 
involved in a situation where an employee working on one of Facebook’s own 
products influenced the approval or rejection of a specific app or feature on 
Facebook Platform?; if “yes,” document specifics]. 


41_FB-00061671 - This is an August 2013 email from Daniels to Purdy clarifying what 
he means by “value”. [Read the second highlight at bottom of 74 “I think that there 
are...other?]. 

• Does Daniels state in his second bullet that one exception from being cut off to 
this data is if you are a developer that has an existing relationship with 
Facebook and you would have public relations issues if Facebook removed your 
data access? 

• Does Daniels state in his third bullet that one exception from being cut off to this 
data is if you are a developer with whom Facebook can trade access to data for 
other value? 

• What is Home notification support? [if IDK, who would know?] 

• Does Daniels state that requiring developers to link their content to FB is one 
way for developers to provide sufficient value to trade access to data? 

• Does Daniels state that requiring developers to purchase advertising sold by 
Facebook is one way for developers to provide sufficient value to trade access 
to data? 

42_FB-00551862 - This is an August 2013 email from Kevin Lacker, a former Parse 
engineer, who writes: [Read highlight on 62], 

• Does Mr. Lacker state that when Facebook gives Private API access to 
Developer A and not Developer B that Developer A can do things in its 
application that Developer B cannot? 

• Does Mr. Lacker imply that this might give Developer A an advantage relative to 
Developer? 

• Does Mr. Lacker imply that it is more likely that a developer obtains this 
advantage if the developer is friends with someone at Facebook? 



49_FB-00456661 - This is a September 2013 email among various Facebook 
employees discussing games and the friends permissions, with the subject “friends 
API”. Namita Gupta writes: [Read highlight on 63 and highlight on 64 “My 
recommendation...away for free”]. 

• Does Ms. Gupta write that her recommendation is to launch a friends API for 
games simultaneously with the removal of the friends API available to all 
developers? 

• Does Ms. Gupta state that Facebook feels it is giving away its friend graph for 
free to non-game developers? 

• Does Ms. Gupta state that Facebook is making an exception for games to 
continue to access friend data that is being removed from all other apps 
because Facebook gets 30% of a game’s revenues? 

• Do you feel that games may require a heightened sensitivity on Facebook’s part 
to user privacy and user trust concerns compared to non-game apps? 

65_FB-00575243 - This is an October 2013 email from Mr. Vishwanath responding to 
the discussion in the email we just reviewed. Vishwanath writes: [Read top two 
highlights on 43] 

• Does Mr. Vishwanath state that it’s his understanding their goal is to make it 
harder for developers to grow new apps by using existing apps? 

• Does he state that Canvas is the exception where Facebook does want to help 
developers grow their apps? 

• Is Canvas a Facebook product that lets you build a website or an app that is 
part of Facebook? 

• Does Facebook directly generate revenues from games played on Canvas? [yes] 

• Does Facebook directly generate revenues from games that are not played on 
Canvas? [no] 

• Does Vishwanath say that the lookup API would solve the problem of removing 
this friends data without hurting Canvas? 

• Does Vishwanath ask how Facebook would ensure developers don’t use the 
lookup API to grow games off Canvas? 



• When asking this question, is it fair to say that Vishwanath is asking how 
Facebook can ensure the lookup API is not used to support the growth of apps 
whenever Facebook does not receive financial benefit? [Is there another 
reasonable interpretation?] 

77_FB-00454612 - This is a January 2015 task from O’Neil with the subject ‘“Apps 
Others Use’ privacy permissions do not persist after turning Platform off/on.” At the 
bottom of 12, the task is described as follows: [Read fourth highlight at very bottom of 
12 and top highlight of 13 “On the above page,...are returned to the defaults”]. 

• Does this task reference a public Facebook URL and state that a user can click 
that URL to access “Apps Others Use” to have granular control over information 
about the user that is visible in friends’ apps? 

• Does this task state that a user can also turn “platform off” entirely, meaning 
that the user can prevent all of her data from being accessed by any app 
besides Facebook? 

• Does this task describe an issue where if a user turns platform off and then back 
on, her prior settings about which apps and which data she wants to share 
would be reset? 

• When was this task created? [October 2, 2014] 

If you look at the top of 12, O’Neil closes the task on January 5, 2015. Do you see 
that? O’Neil writes: [read top highlight on 12 “Friend permissions...Closing”]. 

• Does O’Neil write in January 2015 that because Facebook is removing friends 
data later in 2014 that they are not going to address this issue? 

• So from October 2014 until April 2015 it was possible that Facebook was not 
accurately representing what I thought were my privacy permissions as a user of 
Facebook? 

• And Facebook never fixed this issue after becoming aware of it in October 
2014? 

78_FB-00580073 - This is an April 2015 task with the subject “Platform Feedback - 
only me profile info leakage via platform”. Facebook employee Connie Yang describes 
the task at the bottom of 73 and top of 74: [Read highlights at bottom of 73 and top of 
74 “Apps on...‘Only Me’?”]. 

• Does Ms. Yang describe an issue in Facebook’s privacy settings? 



Is the “Only Me” setting the one I would check when I want information I put on 
Facebook, like a photo, to only be accessible to me? 


• Does she write that apps on Platform can automatically access information I 
have decided no one else can see? 

• Does she write that apps can display information I want only visible to me to 
other users? 

• Could these other users include people I am not friends with? 

• Does Yang ask if this directly violates what Facebook represents to users the 
“Only Me” setting does? 

• If Facebook were to have failed to maintain functioning privacy settings, could a 
developer’s app inadvertently violate Facebook’s policies regarding users? 

• If I were to see a privacy-related issue in a Platform app around April 2015, is it 
possible that a problem in Facebook’s code caused the issue? 

• Is it possible I would think the developer’s app had caused the issue? Could 
that make me less likely to use the developer’s app? 

• Was it possible for Platform developers when accessing Graph API data in 
2014 to see the granular permission setting on each piece of data it was 
consuming? 

79_FB-00574447 - This is an October 2011 email in which Cross and O’Neil discuss a 
privacy bug. Cross writes: [Read highlights on 47-48]. 

• Does Cross say here that Facebook currently is not making visible to developers 
the privacy setting of a given user action? 

• Was this ever fixed? [If yes, how do you know it was fixed? When was it fixed? 
What was the solution to fix it?] [If no, why wasn’t it fixed?] [If IDK, you don’t 
know if Facebook ever permitted developers to view the privacy settings of 
graph data and actions?] 

80_FB-00510171 - This is a February 2014 task entitled “PS12n Capability Cleanup - 
Remove 698 Apps from the Capabilities Tool”. At the top of 72 there is a description of 
the task that reads: [Read all highlights on 72 “The partnerships teams...go-ahead 
from Doug”] 




• Does this state that the partnerships team at Facebook has completed 
reviewing 5,300 whitelisted, or capability-granted, apps? 

• Does this state that about 700 of these apps will have their capabilities 
removed? 

• Is it reasonable to think that if an apps is not deleted but has certain capabilities 
removed, that someone can still use technically use it but it might not function 
properly? 

• According to this task, does Facebook intend to notify developers in advance 
that these apps might break? 

• Before making the change, does Facebook plan to prepare messaging that it will 
only deliver to a developer if that developer complains? 

• Does Facebook plan to remove capabilities to all 700 apps at once? 

• Is Mr. Purdy responsible for giving the approval to do this? [Is there another 
Doug who could have approved this around this time?] 

90_FB-00560169 - This is a September 2013 chat string between Facebook 
employees Kevin Lacker and Flarshdeep Singh. 

• Was Kevin Lacker the CTO of Parse before its acquisition by Facebook? 

• Would you consider Kevin Lacker to be a respected software engineer with an 
informed opinion regarding software development? Would Mr. Lacker’s 
colleagues? 

Mr. Lacker writes: [Read highlight on 69 “One note...two years”]. 

• Does Mr. Lacker state that the term “deprecate” typically means that something 
still works but is unsupported? [yes] 

• Does Mr. Lacker state that the interpretation of a two-year stability guarantee, or 
two year breaking change window, that makes the most sense to him is that old 
versions should be supported until the new version has been out for two years? 
[Is there another reasonable interpretation of Lacker’s statement?] 

91_FB-00473864 - This is a February 2013 chat string between O’Neil and Amir Naor 
regarding some changes in the iOS SDK to enable frictionless requests in SDK 3.2. 
O’Neil writes: [Read highlight on 64]. Does Mr. O’Neil say that this isn’t a breaking 
change because the previous API still exists? [yes] 



92_FB-00494207 - This is an April 2012 chat string discussing the Diageo app, which 
lets users share alcoholic drink recipes with one another. You can see at the top that 
you were added as a subscriber to the task. 

The issue here was: [Read highlights on 07], Does this mean that “underage Becca” 
could receive alcoholic drink recipes from friends even though the developer, Diageo, 
abided by Facebook’s rules while testing this app? 

Mr. Rudolph provides the answer to this problem. [Read highlights on 12]. 

• Does Rudolph write that age restrictions applied only to Facebook canvas page 
loads and not to data received by developers from graph API or any other APIs? 

• Does Rudolph say that age restrictions have not been enforced on developers 
receiving data from APIs since the APIs were first implemented 5 or 6 years 
ago? 

93_FB-00483662 - This is a June 2012 chat string between O’Neil and Vernal 
regarding a meeting with Apple. 

Vernal writes: [Read highlight on 63], Does O’Neil write that apps are better if they can 
read data from Facebook? 

94_FB-00569937 - This is an August 2012 email string between O’Neil and others 
regarding Graph API improvements. O’Neil writes: [Read highlight on 37], 

• Does O’Neil write that Facebook has invested time and resources in making it 
easier for developers to access friends’ photo albums so long as the developers 
have permission? 

• Is it fair to say that Facebook invested time and resources in making it easier for 
developers to access Facebook’s graph because at the time Facebook felt it 
made business sense to open its graph to developers to build social 
applications that might drive more engagement, users and revenues for 
Facebook? 

95_FB-00489319 - This is an October 2012 email string between Mr. Cox and others 
regarding photo permissions on iOS6. 

Mr. Cox requests that the team add a warning alert to make clear when an iPhone user 
integrates with Facebook that they know that if they reject the permission, they won’t 
be able to share photos from their iPhone camera automatically on Facebook. [Read 
highlight on 22]. 



Mr. Stoop pushes back that Mr. Cox’s solution hurts user trust. [Read highlight on 19], 
Was Mr. Stoop the Photos product manager at this time? Did you participate in these 
particular discussions around October 11,2012 with Messrs. Cox and Stoop regarding 
photo permissions, including the discussion around Mr. Stoop’s view that Mr. Cox’s 
approach would not “instill trust”? 

96_FB-00545723 - This is a January 2012 email string with O’Neil and others regarding 
privacy changes. 

Mr. Larkin writes: [Read highlight on 23], Does Mr. Larkin write that starting January 
2012 users had granular control over who could see their app activity on Facebook? 

97_FB-00558226 - This is a January 2012 presentation regarding integrating Facebook 
into Apple’s iOS6 mobile operating system. 

[Read highlight on 28]. Does this state that by integrating Facebook’s graph with 
Apple’s phone contacts app that it is possible Apple or third parties could potentially 
recreate parts of Facebook’s graph - the network of connections between people and 
their interests? 

[Read highlight on 44], Does this state that if Facebook agrees to this iOS integration 
with Apple that it might be possible that Facebook would get faster reviews when 
Facebook submits its own apps to Apple’s App Store? 


12_FB-00000481 - This is an email from January 2011 from Bret Taylor about 
developer permissions to access Facebook’s photos so users could banner profiles 
from developer apps. [Read all highlights at bottom of 89]. 

• Who does Mr. Taylor say had some questions regarding potentially having to 
whitelist the photo tag API? 

• Did you participate in this particular meeting with Messrs. Taylor and 
Zuckerberg in January 2011 regarding developer access to certain photo 
permissions? 

• Are you aware of any of the Custodians having participated in this meeting? 
[Read highlight on 84], 

• Who does Mr. Lessin say he was instant messaging with regarding developers’ 
permissions concerning photos? 

• Did you participate in this particular instant messaging conversation with 
Messrs. Lessin and Zuckerberg? 



Are you aware of any of the Custodians having participated in this chat? 


[Read first highlight on 81]. Who does Mr. Lessin say made the recommendation 
regarding when Facebook would stop developers from being able to do this kind of 
thing with photos? 

[Read second highlight on 81]. Does Mr. Lessin say that the decision he and Mr. 
Zuckerberg made results in less than clear messaging for developers regarding this 
particular issue? 

13_FB-00000421 - This is a February 2011 email string involving you and others 
discussing the decision to enforce against developers who permit profile bannering. 

You write: [Read highlight on 28], 

• Who do you write will be involved in the meeting to determine the approach to 
what developers are permitted to do with photos regarding page bannering? 
[Lessin, Cox, Zuckerberg] 

• Did you participate in this particular meeting with Messrs. Lessin, Cox and 
Zuckerberg? 

You then write: [Read highlight on 25]. Who decided on the “categorization” that you 
write in this email is unfair? 

Ms. Luu-Van then responds to your note. [Read both highlights on 24], When Ms. Luu- 
Van says “product originally wanted...to auto-kill all these apps,” who is she referring 
to? 

You then respond: [Read all highlights on 22], 

• When you write, “but that has been rejected,” who rejected having a clear policy 
on this developer permission? 

• Does this decision mean it is possible for developers who abide by all the rules 
to still have Facebook break or shut down their app for some period of time? 

14_FB-00000301 - This is an April 2011 email string involving Mr. Vernal and others 
discussing developers’ photo tagging permissions. 

Vernal writes: [Read highlight on 304 and then immediately after on 303]. 

• Who told Mr. Vernal that if Facebook can’t control the photo tagging issue, 
Vernal would be required to whitelist the photo tagging API? 



Did you participate in this particular discussion around April 2011 with Mr. 
Zuckerberg? 




15_FB-00561938 - This is an April 2011 chat between Mr. O’Neil and Carl Sjogreen 
regarding developers publishing content back to Facebook’s graph. Mr. Sjogreen 
writes: [Read highlight on 38], 

• Does “publish stuff back to the graph” mean that content generated by users on 
developer applications is sent back to Facebook to improve its graph and make 
Facebook more valuable for users? 

• Who does Mr. Sjogreen say wants this new policy of requiring that developers 
publish back to the graph to be the default? 

16_FB-00438468 - This is an August 2011 email in which O’Neil and others discuss 
the checkin APIs. David Pio writes: [Read highlight on 68], 

• Who was giving the Q&A in which it was communicated to FB employees that 
checkin APIs would not be changing? 

• Did Mr. Pio state that he communicated to developers that graph api is stable 
and won’t be changing? 

• What is Elder? Could a FB employee use Elder to give a developer access to 
data that other developers did not have? 

17_FB-00369435 - This is an August 2011 email where you write to Jud Hoffman the 
following: [Read highlight on 35 “I cried...our lawyers”]. 

• With whom were you absolutely disgusted? 

• What did they do to absolutely disgust you? 

• Was this a common occurrence during this time at Facebook? [see if related to 
our issue, reflects Facebook as bad actor, etc] 

19_FB-00439462 - This is a December 2011 email from Mr. Cox to product managers. 
Mr. Cox writes: [Read first large set of highlights on 63], 

• Is Mr. Cox Facebook’s Chief Product Officer, that is, the executive in charge of 
all of Facebook’s products? 



• Is it fair to say that when Mr. Cox writes that developers “who integrate with 
Facebook win,” that he means that Facebook Platform and its social data helps 
potentially give developers an advantage when building their applications? 

• Is it fair to say that Facebook executives, including Mr. Cox and Mr. Zuckerberg, 
made public statements during this 2011 and 2012 timeframe that encouraged 
developers to invest resources in building applications integrated with Facebook 
Platform? 

Mr. Cox then writes: [Read second highlight at bottom of 63]. 

• Is open graph the Facebook product that enabled other companies to access 
data from Facebook’s graph, Facebook’s network of connections between 
people? 

• What does Mr. Cox mean when he says they have a goal of launching custom 
open graph broadly? 

20_FB-00477297 - This is a February 2012 email from Mr. Vernal to O’Neil and others 
regarding permissions on iOS. Vernal writes: [Read highlight on 98] and then he goes 
on to list a range of friend permissions. 

• Does Vernal say that it would be “strange” to have a social platform that did not 
allow some friends_* permissions? 

• Did Facebook remove the friends_* permissions from the public Graph API on 
April 30, 2015? 

21_FB-00474412 -This is a March 2012 email between O’Neil and others. O’Neil 
writes: [Read highlight on 13]. 

• Does O’Neil write that it is possible for a developer to interpret “deprecate” as 
“delete” and that it is also possible for a developer to interpret “deprecate” as 
something other than “delete”? [If no, say, “Isn’t this exactly what Karan Mangla 
did in the note to which O’Neil responds? Why else would Mr. O’Neil need to 
clarify that?”] 

• Does O’Neil say that the checkin API will be around for a long time? 

• You know Mr. O’Neil, right? You worked with him regularly for how many years? 

• Why do you think Mr. O’Neil believes this API will be around for a long time? 
22_FB-00495737 - this is a summary of a March 2012 Q&A with Mr. Zuckerberg. 



Ms. Bouchard summarizes Zuckerberg’s statements, noting: [Read highlight on 37], 


• Does Mr. Zuckerberg say in this summary that Facebook intends to build social 
versions of apps common on smartphones? 

• Does Mr. Zuckerberg say that people will be able to replace “whole parts of their 
phones” with Facebook apps? 

• Is it fair to say that many [some?] of the strategic decisions Mr. Zuckerberg 
made in 2012 and 2013 were focused on making Facebook the dominant app 
ecosystem on a smartphone? 


12_FB-00000481 - This is an email from January 2011 from Bret Taylor about 
developer permissions to access Facebook’s photos so users could banner profiles 
from developer apps. [Read all highlights at bottom of 89]. 

• Who does Mr. Taylor say had some questions regarding potentially having to 
whitelist the photo tag API? 

• Did you participate in this particular meeting with Messrs. Taylor and 
Zuckerberg in January 2011 regarding developer access to certain photo 
permissions? 

• Are you aware of any of the Custodians having participated in this meeting? 
[Read highlight on 84], 

• Who does Mr. Lessin say he was instant messaging with regarding developers’ 
permissions concerning photos? 

• Did you participate in this particular instant messaging conversation with 
Messrs. Lessin and Zuckerberg? 

• Are you aware of any of the Custodians having participated in this chat? 

[Read first highlight on 81]. Who does Mr. Lessin say made the recommendation 
regarding when Facebook would stop developers from being able to do this kind of 
thing with photos? 

[Read second highlight on 81]. Does Mr. Lessin say that the decision he and Mr. 
Zuckerberg made results in less than clear messaging for developers regarding this 
particular issue? 



13_FB-00000421 - This is a February 2011 email string involving you and others 
discussing the decision to enforce against developers who permit profile bannering. 

You write: [Read highlight on 28], 

• Who do you write will be involved in the meeting to determine the approach to 
what developers are permitted to do with photos regarding page bannering? 
[Lessin, Cox, Zuckerberg] 

• Did you participate in this particular meeting with Messrs. Lessin, Cox and 
Zuckerberg? 

You then write: [Read highlight on 25]. Who decided on the “categorization” that you 
write in this email is unfair? 

Ms. Luu-Van then responds to your note. [Read both highlights on 24], When Ms. Luu- 
Van says “product originally wanted...to auto-kill all these apps,” who is she referring 
to? 

You then respond: [Read all highlights on 22], 

• When you write, “but that has been rejected,” who rejected having a clear policy 
on this developer permission? 

• Does this decision mean it is possible for developers who abide by all the rules 
to still have Facebook break or shut down their app for some period of time? 

14_FB-00000301 - This is an April 2011 email string involving Mr. Vernal and others 
discussing developers’ photo tagging permissions. 

Vernal writes: [Read highlight on 304 and then immediately after on 303], 

• Who told Mr. Vernal that if Facebook can’t control the photo tagging issue, 
Vernal would be required to whitelist the photo tagging API? 

• Did you participate in this particular discussion around April 2011 with Mr. 
Zuckerberg? 


15_FB-00561938 - This is an April 2011 chat between Mr. O’Neil and Carl Sjogreen 
regarding developers publishing content back to Facebook’s graph. Mr. Sjogreen 
writes: [Read highlight on 38]. 



• Does “publish stuff back to the graph” mean that content generated by users on 
developer applications is sent back to Facebook to improve its graph and make 
Facebook more valuable for users? 

• Who does Mr. Sjogreen say wants this new policy of requiring that developers 
publish back to the graph to be the default? 

16_FB-00438468 - This is an August 2011 email in which O’Neil and others discuss 
the checkin APIs. David Pio writes: [Read highlight on 68], 

• Who was giving the Q&A in which it was communicated to FB employees that 
checkin APIs would not be changing? 

• Did Mr. Pio state that he communicated to developers that graph api is stable 
and won’t be changing? 

• What is Elder? Could a FB employee use Elder to give a developer access to 
data that other developers did not have? 

17_FB-00369435 - This is an August 2011 email where you write to Jud Hoffman the 
following: [Read highlight on 35 “I cried...our lawyers”]. 

• With whom were you absolutely disgusted? 

• What did they do to absolutely disgust you? 

• Was this a common occurrence during this time at Facebook? [see if related to 
our issue, reflects Facebook as bad actor, etc] 

19_FB-00439462 - This is a December 2011 email from Mr. Cox to product managers. 
Mr. Cox writes: [Read first large set of highlights on 63], 

• Is Mr. Cox Facebook’s Chief Product Officer, that is, the executive in charge of 
all of Facebook’s products? 

• Is it fair to say that when Mr. Cox writes that developers “who integrate with 
Facebook win,” that he means that Facebook Platform and its social data helps 
potentially give developers an advantage when building their applications? 

• Is it fair to say that Facebook executives, including Mr. Cox and Mr. Zuckerberg, 
made public statements during this 2011 and 2012 timeframe that encouraged 
developers to invest resources in building applications integrated with Facebook 
Platform? 



Mr. Cox then writes: [Read second highlight at bottom of 63]. 

• Is open graph the Facebook product that enabled other companies to access 
data from Facebook’s graph, Facebook’s network of connections between 
people? 

• What does Mr. Cox mean when he says they have a goal of launching custom 
open graph broadly? 

20_FB-00477297 - This is a February 2012 email from Mr. Vernal to O’Neil and others 
regarding permissions on iOS. Vernal writes: [Read highlight on 98] and then he goes 
on to list a range of friend permissions. 

• Does Vernal say that it would be “strange” to have a social platform that did not 
allow some friends_* permissions? 

• Did Facebook remove the friends_* permissions from the public Graph API on 
April 30, 2015? 

21_FB-00474412 -This is a March 2012 email between O’Neil and others. O’Neil 
writes: [Read highlight on 13]. 

• Does O’Neil write that it is possible for a developer to interpret “deprecate” as 
“delete” and that it is also possible for a developer to interpret “deprecate” as 
something other than “delete”? [If no, say, “Isn’t this exactly what Karan Mangla 
did in the note to which O’Neil responds? Why else would Mr. O’Neil need to 
clarify that?”] 

• Does O’Neil say that the checkin API will be around for a long time? 

• You know Mr. O’Neil, right? You worked with him regularly for how many years? 

• Why do you think Mr. O’Neil believes this API will be around for a long time? 

22_FB-00495737 - this is a summary of a March 2012 Q&A with Mr. Zuckerberg. 

Ms. Bouchard summarizes Zuckerberg’s statements, noting: [Read highlight on 37], 

• Does Mr. Zuckerberg say in this summary that Facebook intends to build social 
versions of apps common on smartphones? 

• Does Mr. Zuckerberg say that people will be able to replace “whole parts of their 
phones” with Facebook apps? 



• Is it fair to say that many [some?] of the strategic decisions Mr. Zuckerberg 
made in 2012 and 2013 were focused on making Facebook the dominant app 
ecosystem on a smartphone? 


29_FB-00241059 - This is an April 2013 presentation titled “Tough Platform 
Questions”. [Read highlights on 60], Does this say that Facebook users can choose 
which specific types of data and which specific apps can access their data? [yes] 


31 _FB-00485786 - This is a June 2013 email string between Purdy, Vernal, O’Neil and 
others discussing data collected on platform developer Net Promoter Scores, noting 
that NPS has dipped slightly to -13. A Facebook employee writes: [read highlights on 
88 ], 

• Who are Eddie and Shyam going to review the developer satisfaction scores 
with? 

• Did you participate in this meeting with Eddie, Shyam, and Zuckerberg 
discussing developer satisfaction in June 2014? 


35_FB-00477024 - This is an August 2013 chat string between O’Neil and 
Koumouzelis. Mr. O’Neil writes: [read first and second highlights on 24 “I think 
getting...Netflix to understand”]. 

• What does Mr. O’Neil mean when he states that losing access to the full friends 
list and friends_*permissions is going to be like withdrawing from meth? 

• Why will it be hard for Netflix to understand? 

• In August 2013, was Netflix accessing data from Facebook that was not 
generally available to all developers? 

• After April 30, 2015, did Netflix access data from Facebook that was not 
generally available to all developers? 

• Does Netflix today access data from Facebook that is not generally available to 
all developers? 

Koumouzelis responds: [read third and fourth highlights on 24], 

• What is Mr. Koumouzelis’ title and who does he report to? 




Does Mr. Koumouzelis refer to special APIs? What is a special API? 



• Does Mr. Koumouzelis imply that you need to be on a whitelist to access special 
APIs? 

• Does Mr. Koumouzelis state that after removing friends.get it will be known that 
some developers have access to special APIs? 

• Does Mr. Koumouzelis imply that as of August 14, 2013 at least some 
developers don’t know that other developers have access to special APIs? 

Mr. O’Neil responds: [read fifth highlight]. 

• Does Mr. O’Neil state that some apps will still be able to access friends because 
they are whitelisted? 

• Does Mr. O’Neil imply that the user trust message is diluted when Facebook 
gives special access to data to certain developers but not others? 

Koumouzelis responds: [read sixth and seventh highlights at bottom of 24 and first four 
highlights on 25 “yeah - I think we need to finesse...approval from product], 

• Does Mr. Koumouzelis agree that the messaging needs to be finessed? 

• Does Mr. Koumouzelis imply that a key motivation for these Platform 3.0 
changes and in particular the friends permission changes is to protect Facebook 
from competition? 

• Does Mr. Koumouzelis describe a process where approval for developers to 
access certain data might be reviewed by a member of the Facebook product 
team directly? 

• Was it typical from 2010 up to this time for a Facebook product team member to 
directly participate in decisions regarding a developer’s app being allowed on 
Facebook? 

• Have you encountered any situations in which a Facebook product team 
member influenced which apps or features the policy and operations team 
permitted on Facebook Platform and which would be rejected? [If “no,” then 
say: the entire time you’ve been a Facebook employee, you’ve never been 
involved in a situation where an employee working on one of Facebook’s own 
products influenced the approval or rejection of a specific app or feature on 
Facebook Platform?; if “yes,” document specifics]. 



41_FB-00061671 - This is an August 2013 email from Daniels to Purdy clarifying what 
he means by “value”. [Read the second highlight at bottom of 74 “I think that there 
are...other?]. 

• Does Daniels state in his second bullet that one exception from being cut off to 
this data is if you are a developer that has an existing relationship with 
Facebook and you would have public relations issues if Facebook removed your 
data access? 

• Does Daniels state in his third bullet that one exception from being cut off to this 
data is if you are a developer with whom Facebook can trade access to data for 
other value? 

• What is Home notification support? [if IDK, who would know?] 

• Does Daniels state that requiring developers to link their content to FB is one 
way for developers to provide sufficient value to trade access to data? 

• Does Daniels state that requiring developers to purchase advertising sold by 
Facebook is one way for developers to provide sufficient value to trade access 
to data? 

42_FB-00551862 - This is an August 2013 email from Kevin Lacker, a former Parse 
engineer, who writes: [Read highlight on 62], 

• Does Mr. Lacker state that when Facebook gives Private API access to 
Developer A and not Developer B that Developer A can do things in its 
application that Developer B cannot? 

• Does Mr. Lacker imply that this might give Developer A an advantage relative to 
Developer? 

• Does Mr. Lacker imply that it is more likely that a developer obtains this 
advantage if the developer is friends with someone at Facebook? 

49_FB-00456661 - This is a September 2013 email among various Facebook 
employees discussing games and the friends permissions, with the subject “friends 
API”. Namita Gupta writes: [Read highlight on 63 and highlight on 64 “My 
recommendation...away for free”]. 




Does Ms. Gupta write that her recommendation is to launch a friends API for 
games simultaneously with the removal of the friends API available to all 
developers? 



• Does Ms. Gupta state that Facebook feels it is giving away its friend graph for 
free to non-game developers? 

• Does Ms. Gupta state that Facebook is making an exception for games to 
continue to access friend data that is being removed from all other apps 
because Facebook gets 30% of a game’s revenues? 

• Do you feel that games may require a heightened sensitivity on Facebook’s part 
to user privacy and user trust concerns compared to non-game apps? 


65_FB-00575243 - This is an October 2013 email from Mr. Vishwanath responding to 
the discussion in the email we just reviewed. Vishwanath writes: [Read top two 
highlights on 43] 

• Does Mr. Vishwanath state that it’s his understanding their goal is to make it 
harder for developers to grow new apps by using existing apps? 

• Does he state that Canvas is the exception where Facebook does want to help 
developers grow their apps? 

• Is Canvas a Facebook product that lets you build a website or an app that is 
part of Facebook? 

• Does Facebook directly generate revenues from games played on Canvas? [yes] 

• Does Facebook directly generate revenues from games that are not played on 
Canvas? [no] 

• Does Vishwanath say that the lookup API would solve the problem of removing 
this friends data without hurting Canvas? 

• Does Vishwanath ask how Facebook would ensure developers don’t use the 
lookup API to grow games off Canvas? 

• When asking this question, is it fair to say that Vishwanath is asking how 
Facebook can ensure the lookup API is not used to support the growth of apps 
whenever Facebook does not receive financial benefit? [Is there another 
reasonable interpretation?] 

77_FB-00454612 - This is a January 2015 task from O’Neil with the subject ‘“Apps 
Others Use’ privacy permissions do not persist after turning Platform off/on.” At the 




bottom of 12, the task is described as follows: [Read fourth highlight at very bottom of 
12 and top highlight of 13 “On the above page,...are returned to the defaults”]. 

• Does this task reference a public Facebook URL and state that a user can click 
that URL to access “Apps Others Use” to have granular control over information 
about the user that is visible in friends’ apps? 

• Does this task state that a user can also turn “platform off” entirely, meaning 
that the user can prevent all of her data from being accessed by any app 
besides Facebook? 

• Does this task describe an issue where if a user turns platform off and then back 
on, her prior settings about which apps and which data she wants to share 
would be reset? 

• When was this task created? [October 2, 2014] 

If you look at the top of 12, O’Neil closes the task on January 5, 2015. Do you see 
that? O’Neil writes: [read top highlight on 12 “Friend permissions...Closing”]. 

• Does O’Neil write in January 2015 that because Facebook is removing friends 
data later in 2014 that they are not going to address this issue? 

• So from October 2014 until April 2015 it was possible that Facebook was not 
accurately representing what I thought were my privacy permissions as a user of 
Facebook? 

• And Facebook never fixed this issue after becoming aware of it in October 
2014? 

78_FB-00580073 - This is an April 2015 task with the subject “Platform Feedback - 
only me profile info leakage via platform”. Facebook employee Connie Yang describes 
the task at the bottom of 73 and top of 74: [Read highlights at bottom of 73 and top of 
74 “Apps on...‘Only Me’?”]. 

• Does Ms. Yang describe an issue in Facebook’s privacy settings? 

• Is the “Only Me” setting the one I would check when I want information I put on 
Facebook, like a photo, to only be accessible to me? 

• Does she write that apps on Platform can automatically access information I 
have decided no one else can see? 

• Does she write that apps can display information I want only visible to me to 
other users? 



• Could these other users include people I am not friends with? 

• Does Yang ask if this directly violates what Facebook represents to users the 
“Only Me” setting does? 

• If Facebook were to have failed to maintain functioning privacy settings, could a 
developer’s app inadvertently violate Facebook’s policies regarding users? 

• If I were to see a privacy-related issue in a Platform app around April 2015, is it 
possible that a problem in Facebook’s code caused the issue? 

• Is it possible I would think the developer’s app had caused the issue? Could 
that make me less likely to use the developer’s app? 

• Was it possible for Platform developers when accessing Graph API data in 
2014 to see the granular permission setting on each piece of data it was 
consuming? 

79_FB-00574447 - This is an October 2011 email in which Cross and O’Neil discuss a 
privacy bug. Cross writes: [Read highlights on 47-48]. 

• Does Cross say here that Facebook currently is not making visible to developers 
the privacy setting of a given user action? 

• Was this ever fixed? [If yes, how do you know it was fixed? When was it fixed? 
What was the solution to fix it?] [If no, why wasn’t it fixed?] [If IDK, you don’t 
know if Facebook ever permitted developers to view the privacy settings of 
graph data and actions?] 

80_FB-00510171 - This is a February 2014 task entitled “PS12n Capability Cleanup - 
Remove 698 Apps from the Capabilities Tool”. At the top of 72 there is a description of 
the task that reads: [Read all highlights on 72 “The partnerships teams...go-ahead 
from Doug”] 

• Does this state that the partnerships team at Facebook has completed 
reviewing 5,300 whitelisted, or capability-granted, apps? 

• Does this state that about 700 of these apps will have their capabilities 
removed? 

• Is it reasonable to think that if an apps is not deleted but has certain capabilities 
removed, that someone can still use technically use it but it might not function 
properly? 



• According to this task, does Facebook intend to notify developers in advance 
that these apps might break? 

• Before making the change, does Facebook plan to prepare messaging that it will 
only deliver to a developer if that developer complains? 

• Does Facebook plan to remove capabilities to all 700 apps at once? 

• Is Mr. Purdy responsible for giving the approval to do this? [Is there another 
Doug who could have approved this around this time?] 

81_FB-00411863 - This is an April 2014 email exchange between O’Neil, Rose and 
others with the subject “F8 changes impact on canvas revenue”. In the middle of 64, 
Mr. Rose writes: [Read both highlights on 64 “If we determine...not let that happen”]. 

• Is it fair to say that many (some?) Canvas apps are games people can play on 
Facebook built by another developer? 

• Does Mr. Rose raise the issue that because Facebook gets a 30% revenue 
share on Canvas apps that removing data access to these apps might lower 
Facebook’s revenues from these games or Canvas apps? 

• Does Rose state they should consider whether to treat Canvas apps differently 
from all other apps? 

• Who does Rose state will decide if the revenue hit to canvas is worth making the 
data access changes to Platform? [Zuckerberg] 

• Who does Rose state needs to “explicitly approve” whether Facebook makes an 
exception for Canvas apps? [Is “Mark,” Zuckerberg? Is there another Mark with 
the authority at Facebook to make this decision?] 

• Who else do they need to ask according to Rose? Who is Ebes? What was 
Ebes’ title during this time and to whom did Ebes’ report? 

• Did you participate directly in any discussions with Mr. Rose and Mr. 

Zuckerberg during April 2014 regarding whether and how to exclude Canvas 
apps or Canvas games from the Platform 3.0 changes? 

• Did Facebook in fact create exceptions for Canvas apps and games that 
permitted them to maintain parity after Login v4 and Graph API 2.0 went into 
effect on April 30, 2015? 



• Did Facebook build private APIs only available to developers categorized as 
Canvas games or apps in order to replace the APIs being removed from Graph 
API? [What APIs?] 

• Were you concerned that this exception for a significant number of apps might 
undermine Facebook’s narrative that it was making these changes in order to 
improve user trust, privacy and control? [Was anyone you worked with 
concerned? Who?] 

• Do you think that these Canvas apps or games are less likely to create user 
trust, privacy or control issues compared to other apps? [Why is that?] 

90_FB-00560169 - This is a September 2013 chat string between Facebook 
employees Kevin Lacker and Flarshdeep Singh. 

• Was Kevin Lacker the CTO of Parse before its acquisition by Facebook? 

• Would you consider Kevin Lacker to be a respected software engineer with an 
informed opinion regarding software development? Would Mr. Lacker’s 
colleagues? 

Mr. Lacker writes: [Read highlight on 69 “One note...two years”]. 

• Does Mr. Lacker state that the term “deprecate” typically means that something 
still works but is unsupported? [yes] 

• Does Mr. Lacker state that the interpretation of a two-year stability guarantee, or 
two year breaking change window, that makes the most sense to him is that old 
versions should be supported until the new version has been out for two years? 
[Is there another reasonable interpretation of Lacker’s statement?] 

91_FB-00473864 - This is a February 2013 chat string between O’Neil and Amir Naor 
regarding some changes in the iOS SDK to enable frictionless requests in SDK 3.2. 
O’Neil writes: [Read highlight on 64]. Does Mr. O’Neil say that this isn’t a breaking 
change because the previous API still exists? [yes] 

92_FB-00494207 - This is an April 2012 chat string discussing the Diageo app, which 
lets users share alcoholic drink recipes with one another. You can see at the top that 
you were added as a subscriber to the task. 

The issue here was: [Read highlights on 07], Does this mean that “underage Becca” 
could receive alcoholic drink recipes from friends even though the developer, Diageo, 
abided by Facebook’s rules while testing this app? 



Mr. Rudolph provides the answer to this problem. [Read highlights on 12]. 


• Does Rudolph write that age restrictions applied only to Facebook canvas page 
loads and not to data received by developers from graph API or any other APIs? 

• Does Rudolph say that age restrictions have not been enforced on developers 
receiving data from APIs since the APIs were first implemented 5 or 6 years 
ago? 

93_FB-00483662 - This is a June 2012 chat string between O’Neil and Vernal 
regarding a meeting with Apple. 

Vernal writes: [Read highlight on 63]. Does O’Neil write that apps are better if they can 
read data from Facebook? 

94_FB-00569937 - This is an August 2012 email string between O’Neil and others 
regarding Graph API improvements. O’Neil writes: [Read highlight on 37], 

• Does O’Neil write that Facebook has invested time and resources in making it 
easier for developers to access friends’ photo albums so long as the developers 
have permission? 

• Is it fair to say that Facebook invested time and resources in making it easier for 
developers to access Facebook’s graph because at the time Facebook felt it 
made business sense to open its graph to developers to build social 
applications that might drive more engagement, users and revenues for 
Facebook? 

95_FB-00489319 - This is an October 2012 email string between Mr. Cox and others 
regarding photo permissions on iOS6. 

Mr. Cox requests that the team add a warning alert to make clear when an iPhone user 
integrates with Facebook that they know that if they reject the permission, they won’t 
be able to share photos from their iPhone camera automatically on Facebook. [Read 
highlight on 22]. 

Mr. Stoop pushes back that Mr. Cox’s solution hurts user trust. [Read highlight on 19], 
Was Mr. Stoop the Photos product manager at this time? Did you participate in these 
particular discussions around October 11,2012 with Messrs. Cox and Stoop regarding 
photo permissions, including the discussion around Mr. Stoop’s view that Mr. Cox’s 
approach would not “instill trust”? 

96_FB-00545723 - This is a January 2012 email string with O’Neil and others regarding 
privacy changes. 



Mr. Larkin writes: [Read highlight on 23], Does Mr. Larkin write that starting January 
2012 users had granular control over who could see their app activity on Facebook? 


97_FB-00558226 - This is a January 2012 presentation regarding integrating Facebook 
into Apple’s iOS6 mobile operating system. 

[Read highlight on 28]. Does this state that by integrating Facebook’s graph with 
Apple’s phone contacts app that it is possible Apple or third parties could potentially 
recreate parts of Facebook’s graph - the network of connections between people and 
their interests? 

[Read highlight on 44]. Does this state that if Facebook agrees to this iOS integration 
with Apple that it might be possible that Facebook would get faster reviews when 
Facebook submits its own apps to Apple’s App Store? 

47_FB-00473462 - This is an August 2013 email from Koumouzelis with the subject 
“Platform 3.0”. Koumouzelis writes: [Read highlight on 63 “Unified Review...in 
actuality, privatized”]. 

• Does Koumouzelis write here that friends_* permissions are being privatized? 

• When Facebook announced Graph API 2.0 on April 30, 2014, in which the 
friends_* permissions were removed from Graph API, did Facebook announce 
that these permissions were being “privatized”? 

• Did Facebook announce that these permissions were being “deprecated”? 

• Does “deprecate” imply that the permission either will no longer be supported or 
that it will be removed completely? 

• Does “privatize” imply that the permission will no longer be publicly available but 
instead will be available as part of a Private API accessible to a limited number 
of companies? 

• What do you think Koumouzelis means when he says “deprecated (in actuality, 
privatized)?” 

• Is a Private API one that can only be accessed by developers who sign a non¬ 
standard contract with Facebook, meaning a contract other than Facebook’s 
SRR? 

• Is Unified Review the requirement that all APIs and permissions a developer 
wants for its app will be reviewed and approved by Facebook? 

• Was Unified Review also known as or related to Login Review or Loginv4? 



• Is it fair to say that Unified Review is something that Facebook expected would 
increase user trust and privacy? 

• Could it have been possible for Facebook to have implemented Unified Review 
without deprecating or privatizing friends or photos permissions? [If “no” or 
“IDK,” well, Facebook could have required a unified review of all developer 
permissions in order to approve an app but still permitted a developer to access 
the full friends list after the review, no?] 

• So Unified Review and removing friends permissions aren’t necessarily related, 
meaning it is possible to have one without the other? 

• But Koumouzelis describes them together in this sentence I read, correct? 

Let’s go to 67 in this exhibit, Koumouzelis writes: [Read highlight on 67]. 

• Does Koumouzelis state that all apps built by Platform developers will go 
through Unified Review? 

• Does Koumouzelis state that there are benefits to doing so? 

• Does Koumouzelis state that one of the benefits is that Facebook’s message to 
developers comes across as much more positive because Facebook is using 
permission review to improve user trust? 

• Is it fair to say that Koumouzelis is implying that by combining the discussion of 
Unified Review with the privatization of APIs that Facebook is delivering a more 
positive and defensible message to developers? 


51_FB-00061221 - This is a September 2013 email exchange involving you, 
Papamiltiadis, Archibong and others with the subject “Proactive and Reactive removal 
of permissions”. Papamiltiadis writes: [Read full highlight on 22 “Unlike platform 
simplification...if significant enforce sooner”]. 

• Papamiltiadis quotes text from Mike describing the rationale behind Platform 
3.0. Who is Mike? [Vernal] 

• Does the text Papamiltiadis quotes from Mr. Vernal describing the rationale for 
removing non-app friends and other Graph API permissions use the phrases 
“user privacy” or “user trust” when explaining that rationale? 



Does Papamiltiadis state that the audit of apps he is doing at this time was 
triggered by apps in the identity space? 


• Is Mr. Lessin a member or leader of the identity team and did he trigger this 
review by Papamiltiadis? 

• Does Papamiltiadis state that apps that provide context, contacts and 
reputation overlap with Facebook’s own product roadmap? 

• Does he state that these apps access data from the graph without 
reciprocating? 

• Does he state that at least a few of them are competitive in nature? 

• What apps does Papamiltiadis list? [Refresh, sync.me, Tinder, Linkedln] 

• To your knowledge, were any of these apps ever on a whitelist or blacklist? 

• Does Papamiltiadis ask for help to uncover apps that might be potential 
competitive threats? 

• Does Papamiltiadis state that if the competition from the app is significant that 
Facebook might enforce sooner? 

• Sooner than what? [PS12n, Platform 3.0, Graph API 2.0] 

• So Papamiltiadis is saying that it is possible Facebook could restrict data 
access to these competitive threats before the Graph API 2.0 or Platform 3.0 
announcement? 

• So is it fair to say that when Papamiltiadis states that they could “kill two birds 
with one stone,” he means that rather than restricting data access on a case-by- 
case basis against competitive apps, Facebook could use Platform 3.0/Graph 
API 2.0 changes as a way of addressing these “potential competitive threats” all 
in one go? [If “no” or “IDK,” is there another interpretation of Papamiltiadis’ 
statement in that final paragraph?] 

Papamiltiadis follows up directly with Archibong later that day. [Read both highlights on 

21 ]. 




Does Papamiltiadis state that you told him Facebook does not need to change 
its policies to remove, and I quote, “potential competitive threats”? 




• Does Papamiltiadis state that you mentioned you were putting pressure on Mr. 
Osofsky to enforce data restrictions sooner rather than later on an app that 
was violating data leakage policies? 

• What app does Papamiltiadis state you were referring to? 

• Who made that app and what does it do? 

• Did Facebook have a product during September 2013 that did the same thing 
as that app? [If “no,” was Facebook planning or considering a product that did 
the same or similar things to that app?] 

• What was Facebook’s data leakage policy in September 2013? 

• How was this app violating Facebook’s data leakage policy? 

• Who does Papamiltiadis state he needs to review this proposal as he is the 
customer for the audit? [Mr. Lessin] 

52_FB-00061233 - This is a September 2013 email exchange between Papamiltiadis 
and Archibong regarding the audit of competitive apps. Papamiltiadis writes: [Read 
highlights on 36], 

• Does Papamiltiadis state that he is pulling together data points for a meeting 
with Mr. Lessin? 

• Does Papamiltiadis state that Refresh is an app with 80% of its lifetime users 
retained as monthly active users? 

• Who made the Refresh app and what does it do? 

• Does Papamiltiadis state that the Refresh app is not spammy or crap but an app 
that users like and use a lot? 

Archibong then writes back to Papamiltiadis after the meeting with Mr. Lessin. [Read 
second, third and fourth highlights at bottom of 35 “Great job...taking any action”]. 

• Does Archibong reference a meeting with Mr. Lessin on or around September 
17, 2013? 

• Did you personally participate in this meeting? 



• Does Archibong ask Papamiltiadis to update his recommendation on how 
Facebook Platform will treat context, contact, reputation and productivity apps 
when they submit for review based on Mr. Lessin’s product roadmap? 

• Does Archibong ask Papamiltiadis to consider restricting data access to certain 
apps faster based on Mr. Lessin’s input? 

• What app does Archibong state is an example of an app that based on Mr. 
Lessin’s input, they should potentially restrict data access to sooner? 

• Is it fair to say that Papamiltiadis’ recommendations are being guided by Mr. 
Lessin? 

• Is it fair to say that Mr. Lessin is requesting that Facebook Platform restrict data 
access to apps that are competitive with existing or future products he may be 
building for Facebook? 

Papamiltiadis then follows up a week later with Daniels and Archibong, attaching a plan 
he created based on his meeting with Mr. Lessin. Papamiltiadis writes: [read first 
highlight on 35] “Communicate this plan...act independently”]. 

• Who does Papamiltiadis state he is going to ask about the timing of restricting 
data access? [Vernal and Lessin] 

• What are the two options around timing that Papamiltiadis references Mr. Vernal 
and Mr. Lessin will decide on? 

• So is it fair to say that Papamiltiadis thinks Mr. Vernal and Mr. Lessin are 
responsible for the decision to shut down competitive applications immediately 
or to wait until Graph API 2.0 launches? 

Mr. Daniels responds to Papamiltiadis’ question around timing: [Read all highlights on 
34 “The prevailing opinion...platform access”]. 

• Does Mr. Daniels’ state that Mr. Vernal and Mr. Osofsky are under the 
impression or of the opinion that Facebook will wait to restrict data access to 
these competitors in conjunction “with Platform 3,” also known as Graph API 
2 . 0 ? 

• Did you personally participate in discussions with Messrs. Daniels, Vernal and 
Osofsky in which any of them communicated this to you? 

• To Mr. Daniels, what does the timing of restricting data access depend on? [the 
level of competitive threat] 



• According to Mr. Daniels, if the level of the competitive threat is very high, 
should Facebook restrict access to data sooner or later? 

• Does Mr. Daniels state here that the timing of restricting data access depends 
on how much the app harms user trust or user privacy? 

• What does Mr. Daniels mean when he writes “forcing spend for access to 
permissions”? [If “IDK,” could he mean that developers would need to purchase 
advertisements from Facebook or otherwise pay Facebook in exchange for 
accessing data that at the time was publicly available on Facebook Platform?] 

• Does Mr. Daniels state his opinion that Facebook should separate advertising 
purchases by developers using Facebook’s NEKO advertising product from 
whether those developers receive access to Platform data? 

• Are you aware of any other discussions in which Facebook employees 
discussed whether to force developers to buy advertising from Facebook if they 
wanted to continue to access Facebook’s data? [If “yes,” did you participate in 
any of these discussions? What companies? When? Who made the decision? 
What amount of payment over what time? What data was exchanged? Etc etc] 

• Are you aware of any instances in which Facebook gave certain companies 
access to data that was not available to all companies on Facebook Platform in 
exchange for the company making advertising or other payments to Facebook? 

55_FB-00061437 - This is a September 2013 email exchange between Cross, 
Papamiltiadis and others with the subject “P3.0 Rollout Planning”. 

• You’ll see at the top of 37 Cross describes “capabilities,” “Gks,” and “Sitevars”. 
What is the one-sentence definition of each of those terms? 

• You’ll see that Papamiltiadis refers in the email right below on 37 to the “Talent 
tool”. What is the Talent tool? 

• Did Facebook employees use the Talent tool to grant capabilities to certain 
developers that gave them access to Facebook data that may not have been 
available to all developers? 

• How many different tools did Facebook have to administer whitelists and during 
what years was each tool used? 

On the top of 38, you see Cross writes an email regarding their immediate tasks. Cross 
writes: [Read full highlight on 38 “What we need to do...provide more context)”]. 



• Does Cross state that they need to create two lists: one that includes all of their 
whitelisted permissions and one that includes all the companies they consider 
threats? 

• Does Cross state that they will then determine for each whitelisted permission 
and each app whether the app can keep access or not, or if they need to 
escalate the decision to a superior? 

• Does Cross state that for developers who keep access, they either need to 
verify an existing Extended API Agreement or enter into a new Extended API 
agreement with them? 

• Does Cross use the phrase “user privacy” or “user trust” when describing this 
task regarding which types of data to remove from which developers? 

See on 39, Papamiltiadis emails Cross comments on a presentation Cross prepared. 
Her writes regarding Slide 5: [Read highlight on 39 “Removing access. ..NEKO 
adoption”]. 

• What does NEKO stand for? 

• Does “NEKO adoption” mean increased purchases, and therefore revenues, for 
Facebook’s mobile newsfeed advertising product, aka NEKO? [yes] 

• Does Papamiltiadis suggest that Facebook’s decision to privatize access to the 
full friends list is an “indirect” way to increase the revenues or customers of 
Facebook’s advertising business? [If “no” or “IDK,” is there another reasonable 
interpretation of his statement?] 

63_FB-00433628 - This is an October 2013 chat string between Sukhar and O’Neil. 
Sukhar writes: [Read all highlights on 28 and 29 at once “I just spoke to KP...not for 
deprecations”]. 

• Does Mr. Sukhar state that Papamiltiadis is angry about the Platform 3.0 
changes because Facebook will alienate the developer community and give 
special access to all of Facebook’s friends? 

• Does Sukhar state that Papamiltiadis’ view is “fundamentally correct”? 

• Does Sukhar state that Facebook is eroding the value of Facebook Platform for 
reasons that are not clear? 

• How long have you and Papamiltiadis worked at Facebook together? And 
around this time did you two interact professionally? 



• Did Papamiltiadis ever share these frustrations directly with you? When? What 
did he say? Papamiltiadis never once mentioned his frustration to you? 

• What do you think Sukhar means by “incentive alignment”? Do you recall 
participating in any email conversations where that term was discussed? 

• Does Sukhar state that Facebook’s decision to announce separate Core and 
Beta (also known as Experimental or Extended) APIs is only because Facebook 
is removing access to data like the full friends list and permissions? [Is there 
another reasonable interpretation of Sukhar’s statement?] 


66_FB-00576265 - This is an October 2013 chat string between Sukhar, O’Neil and 
others. Sukhar writes on 65: [Read top two highlights on 65 “I have spent...of the use 
cases”]. 

• Does Sukhar state that the feedback from Facebook employees he met on his 
trip about Platform Simplification was “universally negative”? 

• Does he state that the reason is because they haven’t clearly communicated 
why they are removing access to data? 

You see at the bottom of that same page 65, O’Neil sends Sukhar a presentation he 
gave as a test run about the Platform 3.0 changes and says it was well received. Is that 
correct? 

You see at the top of 66 Sukhar writes in reaction to the presentation: [Read first and 
second highlights on 66 “Interesting that...have heard before”]. 

• Does Mr. Sukhar state that his view had been that Platform 3.0 data restrictions 
like removing friends data were a way to protect Facebook against competition 
from WhatsApp or apps like WhatsApp? 

• At this time in October 2013, did Facebook compete with WhatsApp? 

• Did Facebook purchase WhatsApp in February 2014 for $19.3 billion? 

• Was Facebook’s purchase of WhatsApp its largest acquisition ever? 

• At any time prior to Facebook’s purchase of WhatsApp, did Facebook to your 
knowledge whitelist or blacklist WhatsApp to any Facebook APIs, capabilities or 
permissions? [Who would know? Would Zuckerberg know? Olivan? Lessin? 
Vernal?] 



• Is it fair to say that Mr. Sukhar was under the impression at this time that 
Platform 3.0 changes were being made at least in part for competitive reasons? 

• Does Mr. Sukhar state that O’Neil’s presentation pitches the Platform 3.0 
changes as a way to protect Facebook’s advertising platform? 

• Does Mr. Sukhar state that positioning Platform 3.0 as a way to protect 
Facebook’s advertising revenues is easier to defend but that it’s not a line of 
reasoning he had heard before? 

If you look down 66 you’ll see that Purdy requests the presentation Sukhar and O’Neil 
had been discussing. He asks if it includes the model they discussed last week? O’Neil 
responds a few messages below on 66: [Read bottom highlight on 66 “Doug: 
yes...discussed last week”]. 

• Does O’Neil tell Purdy that the presentation explaining their reasoning for 
restricting data access under Platform 3.0 includes the aligned / competitive 
model they discussed last week? 

If you go to the top of 68, O’Neil mentions the following: [Read top highlight on 68 “I’ve 
had...all the data”]. 

Purdy then responds below on that page: [Read second and third highlights on 68 “I 
don’t think...on user data”]. 

• Does O’Neil state that he’s received questions from Facebook employees 
regarding why Facebook is now protecting its data? 

• Does Purdy state that they are not going to reopen their philosophy on user 
data? 

• Is it reasonable to conclude that Purdy believes that Facebook’s philosophy on 
user data is that users cannot port much of the data they share on Facebook to 
other applications? 

• Based on this string, is it reasonable to conclude that Purdy is saying the 
decision whether a user can share a certain piece of her data with another 
developer is up to Facebook and depends on whether that other developer 
competes with Facebook? 

67_FB-00499966 - This is a December 2013 chat string between O’Neil and Amir 
Naor, a Facebook employee. Can you take a moment to read the string to yourself. 

• Mr. O’Neil wishes Naor a happy birthday and mentions that removing friends 
birthday data is going to be “especially bad for birthday notifiers”. Naor agrees 



and says that it will also be bad for dating apps. O’Neil then says the dating 
apps will be interesting and that Lulu will be hit hard but Tinder will be fine. Is 
that correct? 

• Does a dating app let a user see a photo and other information about people, 
typically people somehow connected to them, and determine if they’d like to go 
on a date with them? 

• Were Lulu and Tinder popular dating apps? 

• Why does Mr. O’Neil state that Lulu will be harmed but Tinder won’t be? 

• So Mr. O’Neil’s statement has nothing to do with the fact that Tinder will get 
special access to private APIs so it can continue to function after Graph API 2.0 
is released while Lulu will not have the same special access Tinder will have? 

71 _FB-00528042 - This is a January 2014 email from Facebook employee George Lee 
to various Facebook employees. Lee writes: [Read first large highlight at top of 42 “We 
sold developers...the last 2 years”]. 

• Does OG mean Open Graph? 

• Is implicit OG or implicit sharing a way for developers to integrate with 
Facebook’s Newsfeed in a way that helps them grow their apps? 

• Does Lee state that Facebook told developers that one of the best things they 
can do to grow their apps is optimize their use of “implicit OG”? 

• Does Lee state that developers have invested a lot of time to establish that 
traffic on Facebook? 

• Does Lee state that taking away implicit OG nullifies all the work developers 
have done over the past two years to integrate OG? 

• When Lee writes that Facebook “sold developers a bill of good,” is it fair to say 
that he means Facebook made representations to developers that caused them 
to invest time or money in building apps that use “implicit OG”? 

Mr. Lee continues: [Read second and third highlights on 42 “The more I think...canvas 
ecosystem”]. 

• Does Mr. Lee state that removing developers’ ability to use implicit sharing 
reverses a storyline that Facebook has been pushing to developers for two 
years? 



• By “pushing,” is it fair to say that Lee means Facebook is representing that 
storyline as Facebook’s official position in public and private conversations with 
developers and the public? 

• Does Lee state that the damage to Facebook’s Canvas product could be 
“irreparably” harmed if this change is implemented for all Canvas applications? 

• Does Lee state that he and others have expressed concerns in the past and that 
this transition could be “very very painful”? 

73_FB-00556670 - This is a January 2014 email string between Purdy, Sukhar and 
others with the subject “Login v4 + PS12N +f8”. If you go to 71, you’ll see that Purdy 
writes: [Read first highlight “1. We are building...their real online identity”]. 

• Login v4 and unified review are the changes Facebook announced on April 30, 
2014 related to an app seeking permissions to access Facebook data when 
people use their Facebook username and password to login to the app? 

• Login v4 required that Facebook review more permissions to access data than 
Facebook previously required, correct? 

• Is this what Purdy means when he says that these changes are good for people 
and give people control, meaning Facebook offers a safer and more transparent 
experience with users because of these Login v4 changes? 

• Is this the same basic idea as or at least related to the user privacy and control 
messages that Facebook has publicly stated were its reasons for the changes 
announced on April 30, 2014? [admit they are related] 

Purdy then writes: [Read second highlight on 71 “The above user trust...pushback if 
you disagree”]. 

• When Purdy refers to the “user model changes,” is he referring to Login v4? 
[Well he is referring to one of the three products he mentions, Login, PS12N and 
Unified Review. Which is it?] 

• When Purdy refers to the “developer changes,” is he referring to Platform 
Simplification in which access to data like the friends list and friends 
permissions is being removed? 

• Does Purdy write that the user trust message I just read a few moments ago 
“only really hangs together” if Facebook communicates these two major 
changes at the same time, or in one fell swoop? 



• Does Purdy say these two changes need to ship together? 

• Does this mean that it is technically possible for Facebook to implement the 
Login v4 changes without the PS12n changes, or vice versa? 

• Is it fair to say that Purdy’s view is that Facebook needs to announce Login v4 
and PS12N together in order for the user trust message to be coherent? 

You’ll see at the bottom of 70 Purdy mentions reviewing the material discussed in this 
email with Mark on January 27, 2014 - see bullet 2 at the very bottom. Is that right? 
You see right above that in bullet 5, Purdy states they are going to recommend to Mike 
and Mark to postpone F8 until the fall. Is that correct? 

• Is Mike Mr. Vernal? [Is it likely Purdy is referring to another Mike here?] 

• Is Mark Mr. Zuckerberg? [Is it likely Purdy is referring to another Mark here?] 

• Did you participate in this meeting on January 27, 2014 with Mr. Zuckerberg 
concerning the timing of Login v4, PS12N, and F8? [No] 

• Did you have any meetings with Mr. Zuckerberg in January 2014 other than 
company-wide meetings in which he expressed his thoughts regarding the 
timing of Login v4, PS12N, and F8? 

• Did Facebook announce the Login v4 and PS12N changes at F8 on April 30, 
2014? 

• So Facebook presumably got the benefits of the user trust message because, 
according to Purdy, it announced these two changes in one fell swoop? 

• But Facebook did not end up taking Purdy’s recommendation of pushing F8 
back to the fall? 

• Do you know who rejected Purdy’s recommendation and made the final 
decision to hold F8 on April 30, 2014? 

• Who would have the authority to make a decision like that? Would Zuckerberg? 
Would anyone else? [If she gives any names, ask if that person would need to 
get Mr. Zuckerberg’s approval for the date of F8]. 

• Did you make the decision to hold F8 in late April 2014? 


Is Jonny Thaw on this email string? 




• Was Jonny Thaw at this time Mr. Zuckerberg’s executive communications 
assistant, meaning he works directly for Mr. Zuckerberg on communications 
matters? 

82_FB-00433725 - This is a May 2014 chat string among O’Neil, Koumouzelis and two 
Facebook employees, Amir Naor and Sean Kinsey. At the top of 25, Naor writes: [Read 
top highlight on 25 “I disagree...the games ecosystem”]. 

Kinsey then responds: [Read second highlight on 25 “Amir, the inconsistency...regular 
apps to do”]. 

• Do Mr. Naor and Mr. Kinsey both state that Facebook has different rules for 
different developers or holds developers to different standards? 

• Does Mr. Kinsey express amazement that no one has called Facebook out for 
this conduct? 

• Does Mr. Kinsey state that Facebook permits games to do things that regular 
apps can’t do? 

If you go to the bottom of 25, you’ll see that O’Neil replies “I see the inconsistency, we 
just decided that it was worth it.” Do you see that? 

• Why do you suspect Mr. O’Neil thinks it is worth having this inconsistent 
treatment of developers? 

And then if you jump down to 28, Kinsey follows up that: [Read highlight on 28 “It’s 
ironic that...building that trust ©”. 

• Does Kinsey imply that user trust is more important in scenarios where money 
or payments are involved? 

• Can Facebook Canvas games sometimes involve payments or money? 

• What does Kinsey say is ironic to him here? 

• Does Kinsey imply that this exception undermines or calls into question 
Facebook’s public narrative that it is making Platform 3.0 and Login v4 changes 
to build user trust? 

83_FB-00597229 - This is a November 2014 email string discussing Flipboard, a 
developer app, between O’Neil, Papamiltiadis, Archibong and others. If you look at the 
bottom of 32 and top of 33, you see that Eric Feng, the Flipboard CTO, writes that 
Flipboard did not receive read_stream and friend list permissions when Facebook 
reviewed its app. Is that correct? 



Papamiltiadis then responds on 32 with reasons for continuing to let Flipboard access 
read_stream permissions. His third reason at the middle of 32 is: [Read first highlight 
on 32 “3/ Good partnership...baked into their apps”]. 


• Does Papamiltiadis state that prior to or during October 2014 Facebook had in 
some cases declined read_stream access to other developers? 

• Does Papamiltiadis imply that Facebook had not officially notified developers 
that it was restricting read_stream access and so they are surprised by getting 
declined to access it? 

• Does Papamiltiadis state that read_stream access was a well baked feature in 
their apps? 

• From January to October 2014 was read_stream a permission that Facebook 
publicly stated developers could access on Platform? 

O’Neil then responds on the bottom of 31 that Facebook should approve Flipboard 
through whatever timeframe makes sense for the relationship. Is that correct? 

He then writes later in the string at the top of 30 that Flipboard is a very unique case. 
Do you see that? 

• Who does O’Neil say was supposed to be involved in determining Flipboard’s 
access to data around F8? [Cox] 

• Is that Chris Cox, Facebook’s Chief Product Officer? [Is there another Cox? etc] 

• Did you directly participate in discussions with Cox in 2014 regarding 
Flipboard’s access to Platform data? 

If you look at the paragraph above from O’Neil on 30 he writes: [Read second highlight 
on 30 “Agree with KP on...don’t have that news yet”]. 

• Does O’Neil state that Flipboard doesn’t know Facebook is planning to 
announce the Platform 3.0 and Login v4 changes? 

• So if Facebook permits Flipboard to access the permissions, Facebook doesn’t 
have to tell Flipboard now about the coming changes? 

• Does O’Neil agree with Papamiltiadis that Flipboard should be granted an 
exception to access read_stream because of optics? 

• Does Cross in the next email at the very top of 30 say that he supports giving 
Flipboard access for “optics sake”? 



Were Cross and O’Neil aware that Cox wanted to be involved in decisions 
around Flipboard’s access to data when making this decision? 


• Did Cox tell them to give Flipboard access? Who would know that? [Cox?] 

• Did Flipboard have access to any of the capabilities Facebook could enable in 
its whitelist tools anytime in 2014? [If so, which?] 

• Did Flipboard have access to any data that was not available to Flipboard’s 
competitors anytime in 2014? [If so, which competitors were disadvantaged 
relative to Flipboard?] 

84_FB-00577500 - This is a November 2014 email from an Akamai employee to Cross. 
You’ll see in the second line at the top of 02 the Akamai employee, Shlomi Gian, writes 
that Akamai’s video app was rejected from read_stream access. Is that correct? 

And then see on the bottom of 00 and top of 01 Mr. Gian clarifies that Akamai’s app 
was designed to work similarly to Flipboard and then writes: [Read top highlight on 01 
“Does Flipboard...same level of access”]. 

• Did Facebook give Akamai access to read_stream after this request in 
November 2014? [No] 

• Does this email string indicate that Facebook will give or has given Akamai this 
access? [No] 

• From November 2014 to April 2015 did Flipboard have access to read_stream? 
[remind her we just confirmed that in the prior exhibit] 

• So Flipboard and Akamai have competitive apps and in late 2014 and early 2015 
Flipboard can access data that Akamai could not? 

85_FB-00598434 - This is a December 2014 email exchange between Archibong and 
Papamiltiadis discussing Path. If you look at the top of 36 you’ll see that Archibong 
met with Dave Morin, the founder of Path, and Morin was going to reach out to Mark to 
get a sense of how he views Path these days. Is that correct? 

Archibong then describes ways Path and Facebook might work together at the bottom 
of 36. He writes: [Read bottom highlights on 36 “Depending on how...this claim is or 
not”]. 


Does Mr. Archibong consider Path as a customer for an advertising product, 
Audience Network? 



• Does he state that whether Facebook tries to get Path as a customer for this 
advertising product depends on how Mr. Zuckerberg feels about Path? 

• Does Archibong state that Morin thinks two of his competitors in Asia can 
access platform data that Path can’t? 

• Does Archibong ask that they look into Morin’s claim? 

You’ll see a screenshot in the middle of 35 from Facebook’s capabilities tool. The 
screenshot displays Line’s Facebook ID, an email contact for Line, how many active 
users Line has, and which capabilities and app groups Line is subscribed to. Is that 
correct? 

• So Facebook has an email address for Line stored in a database for an internal 
website? 

• Do many companies with access to private APIs have a page like Line’s in 
Facebook’s capabilities tool? 

• So Facebook stores in a database an email address for each developer with 
access to Private APIs, accepting that some email address fields may be blank 
or inaccurate? 

If you look at the top of 34, you’ll see Papamiltiadis has the results of the investigation 
Archibong requested. He writes that Path is blacklisted for photos and status. Line is 
blacklisted for the friends list, read_stream, photo, photo album and other permissions. 
Is that correct? 

• Does Papamiltiadis then state that the Facebook employee who blacklisted Line 
from receiving the friends list wrote that it was done as a preventative measure? 

• A preventative measure against what? A privacy violation? 

• Did Facebook ever pre-enforce data restrictions against developers because it 
suspected the developer might at some point in the future violate a user’s 
privacy? 

• Could the preventative measure be that Line is a messaging app that could 
compete with Facebook Messenger? 

• Does Papamiltiadis then state that Facebook has imposed more restrictions on 
Line than it does on Path? 

• Is it reasonable to think based on this discussion that Mr. Zuckerberg might 
have been involved in any future decisions regarding any data permissions or 
advertising contracts Facebook entered into with Path? 



• Did you participate in any discussions Mr. Zuckerberg held with Mr. Morin 
regarding data permissions or advertising contracts? 

• Do you know if any of the Custodians participated in any discussions Mr. 
Zuckerberg held with Mr. Morin regarding data permissions or advertising 
contracts? 

86_FB-00046059 - This is a January 2015 email string with the subject “Dropbox - 
Messenger integration”. On 66, Mr. Olivan introduces Drew Houston, Dropbox’s CEO, 
to a Facebook employee, David Marcus, and writes: [Read highlight on 66 “We all 
have...cool happen”]. 

• Does Mr. Olivan ask Mr. Marcus to work with Dropbox’s CEO on striking a deal 
between the two companies that involves Facebook’s Messenger app? 

• Did you participate in any discussions with Mr. Olivan regarding Dropbox’s 
negotiations with Facebook in February 2015? 

If you look at the bottom of 63, Papamiltiadis writes: {Read both highlights at bottom of 
63 “Ime can probably...when we decline”]. 

• Does Papamiltiadis state that Dropbox has requested whitelist access to the Full 
Friends list multiple times in the prior weeks? 

• Does Papamiltiadis state that if Facebook gives Dropbox access to the full 
friends list other developers might feel alienated when Facebook refuses to give 
them access too? 

• Did Dropbox at any time have access to capabilities or APIs that were not 
available to all developers through public Platform APIs? 

• Who would know the answer to that? Would Mr. Olivan know? 

87_FB-00045735 - This is a February 2015 email involving a Netflix employee, John 
Midgley, and Facebook employees with the subject “Graph API 2.0 Migration”. If you 
look at the middle of 36, bullet 1, Mr. Midgley writes: [Read highlight on 36 “Since 
we...connected friends”]. 

57_FB-00431352 - This is a November 2013 chat string regarding a task Cross created 
in which you are included. [Read highlight at bottom of 52 “With PS12N, their own 
sitevars”]. 



• Does Mr. Cross state that after Platform Simplification, Facebook will have many 
more private APIs than it does today? 

• Does the fact that many more private APIs are being created have anything to 
do with using the Talent tool to grant capabilities instead of the GKs or sitevars? 

• Why is Facebook now using the Talent tool to grant whitelisted data access as 
opposed to these other tools? 

• What is the Hendrix tool or Hendrix test apps and what was it used for? 

58_FB-00461116 - If you jump down to 25, this is a November 2013 email from Cross. 
When describing “Capability Cleanup,” he writes: [Read highlight on 25 “Goal...pairs”]. 

• Does Cross state that as of this date in November 2013, Facebook offers 315 
whitelisted capabilities to 5,200 different whitelisted apps? 

If you go to 24 in that same email from Cross, he writes in bullet la: [Read all three 
highlights on 24 “la: pre-approve...whitelist and why”]. 

• Is Cross discussing a process for determining which developers would access 
permissions that were public under Graph API but would now be private under 
Graph API 2.0? 

• Does Cross state that a key challenge will be to develop defensible criteria for 
who Facebook whitelists? 

• In this discussion of criteria for whitelisting in this email string, can you point to 
any Facebook employee using the word “privacy” or “trust”? 

• Do the words “privacy” or “trust” appear anywhere in this email string as things 
to consider when determining which developers to whitelist? 

59_FB-00521468 - This is a November 2013 email from Ms. Chang to the partnerships 
team. On the middle of 73, she writes: [Read highlight on 73 “API 
Privatization.. .extension/exemption”]. 

• Does Ms. Chang state that under Platform Simplification 54 public APIs will be 
privatized? 

• If I asked you to name these privatized APIs, would you be able to name a 
handful of them? A dozen of them? 



• Based on your knowledge of these privatized APIs, would you say they were 
rarely used by Platform developers? 

• Does Chang state that her team is working on a first draft of a plan to determine 
which top tier apps would get an extension or an exemption to continue to 
access these private APIs? 

• Did Facebook at times categorize the developers who accessed Platform based 
on Tier 0, Tier 1, Tier 2 and Tier 3 designations? 

• Is it fair to say that Tier 0 and 1 apps are those built by close partners of 
Facebook? 

• Is it fair to say that 643’s app was a Tier 3 app? 

• February 2015 is about two months before Graph API 2.0 became mandatory 
and access to the full friends list was removed from Facebook Platform. Is that 
correct? 

• Is Mr. Midgley stating that after April 30, 2015, Netflix will still have access to the 
full friends list? 

• Did Netflix in fact have access to the full friends list after April 30, 2015? 

• Was Netflix’s ability to access the full friends list or other APIs not available to all 
developers governed by a Private API agreement or similar contract? 

• Do you know if that Private API agreement was produced as part of this 
litigation? 

64_FB-00523178 - This is an October 2013 email exchange between George Lee and 
a number of Facebook employees with the subject “Invites & PS12N”. Lee writes in the 
middle of 80: [Read highlights on 80 “Key concern...reach non-app friends”]. 

• Does Mr. Lee state that the key concern is user privacy and user trust when 
proposing as a solution that Facebook remove all non-app friends? 

• Does Mr. Lee state that the key concern when proposing as a solution that 
Facebook remove all non-app friends is that Facebook needs to stop leaking its 
graph to platform developers? 

You see on 78 that Sukhar and others discuss building an API they call the “lookup 
API” that might let developers still grow their app without leaking the graph. Do you 
see they discuss a lookup API? 



Sukhar asks towards the top of 78 “Would growth actually be ok with this?” Do you 
see that? 

• Who does Sukhar mean by growth? 

• Is Mr. Olivan the executive in charge of the growth team? [If IDK, what is his 
title?] 

• Did you participate directly in any discussions with Mr. Olivan regarding this 
“lookup API” around October 2013? 

You see at the top of 78 Lee responds: [Read top two highlights on 78 “At the end of 
the day...trust in some way”]. 

• Does Lee state that Facebook’s efforts related to removing the friend data and 
developing alternative APIs might be creating a situation that actually damages 
user trust? 

• Does Lee suggest that Facebook can look the other way on this? 

• Why was Facebook considering building the lookup API as an alternative way 
for certain apps to access friend data after friend data had been restricted to 
developers? [If IDK, you have no idea what building the lookup API would 
solve?] 

88_FB-00567905 - This is a December 2013 task with the subject “PS12n Whitelist 
Pre-Approval - Enumerate the new Capabilities to be added to support the PS12n 
deprecations”. You’ll see at the bottom of 05 the task is described as follows: [Read 
highlight at bottom of 05 “PS12n will introduce...features”]. 

• Does this task description state that Facebook will create new capabilities in its 
whitelist tools to allow apps to continue using data that was removed from 
Platform on April 30, 2015? 

• Simon Cross created this task, right? 

• When Cross says “allow apps,” does he mean all apps? 

• Is the goal of this task to build APIs that let certain companies whitelisted by 
Facebook access data that from 2012 to 2014 was generally available to any 
company that abided by Facebook’s policies? 

89_FB-00545978 - This is a January 2014 email string with the subject “OG feedback 
from games devs”. You see on 80 a Facebook employee shares feedback from game 
developers. For instance, in the middle of 80, a game maker writes that OG is the most 



important viral channel besides request and that they’ve been optimizing their games 
for this. And then at the bottom of the note another developer writes that he hopes 
Facebook can imagine how big OG actions are for them. Do you see that? Is that 
correct? 

If you then look at 78, there is an email from George Lee to Greg Marra where Lee asks 
if is still the plan to kill action links from platform feed stories? Do you see that? 

And then Marra responds that they would like to kill action links and it is brought up 
frequently during executive reviews. Is that correct? 

Then Purdy asks Marra in his second bullet right above that on 78 if Cox, Mark or 
others are giving that feedback. Is that correct? 

• Is it fair to say that posting action links in a user’s newsfeed was a popular way 
for an app to grow its users based on the feedback? 

• Does Marra state that the plan is to remove the ability for developers to use 
these action links in newsfeed to grow their apps? 

• Does Marra imply that this decision is in line with the thinking of Facebook 
executives? 

• Does Purdy ask Marra if Chris Cox, Mark Zuckerberg or another Facebook 
executive is driving the decision to remove developers’ ability to post action 
links in newsfeed? 

• Did you participate directly in discussions with Cox, Zuckerberg and others in 
January 2014 regarding Facebook’s decision to remove action links in 
newsfeed? 

• Do you know if any of the custodians participated in these meetings? 

• Can you confirm the presence of any attendees in these meetings with Cox and 
Zuckerberg? 

29_FB-00241059 - This is an April 2013 presentation titled “Tough Platform 
Questions”. [Read highlights on 60]. Does this say that Facebook users can choose 
which specific types of data and which specific apps can access their data? [yes] 

31_FB-00485786 - This is a June 2013 email string between Purdy, Vernal, O’Neil and 
others discussing data collected on platform developer Net Promoter Scores, noting 
that NPS has dipped slightly to -13. A Facebook employee writes: [read highlights on 
88 ], 



• Who are Eddie and Shyam going to review the developer satisfaction scores 
with? 

• Did you participate in this meeting with Eddie, Shyam, and Zuckerberg 
discussing developer satisfaction in June 2014? 

35_FB-00477024 - This is an August 2013 chat string between O’Neil and 
Koumouzelis. Mr. O’Neil writes: [read first and second highlights on 24 “I think 
getting...Netflix to understand”]. 

• What does Mr. O’Neil mean when he states that losing access to the full friends 
list and friends_*permissions is going to be like withdrawing from meth? 

• Why will it be hard for Netflix to understand? 

• In August 2013, was Netflix accessing data from Facebook that was not 
generally available to all developers? 

• After April 30, 2015, did Netflix access data from Facebook that was not 
generally available to all developers? 

• Does Netflix today access data from Facebook that is not generally available to 
all developers? 

Koumouzelis responds: [read third and fourth highlights on 24]. 

• What is Mr. Koumouzelis’ title and who does he report to? 

• Does Mr. Koumouzelis refer to special APIs? What is a special API? 

• Does Mr. Koumouzelis imply that you need to be on a whitelist to access special 
APIs? 

• Does Mr. Koumouzelis state that after removing friends.get it will be known that 
some developers have access to special APIs? 

• Does Mr. Koumouzelis imply that as of August 14, 2013 at least some 
developers don’t know that other developers have access to special APIs? 

Mr. O’Neil responds: [read fifth highlight], 

• Does Mr. O’Neil state that some apps will still be able to access friends because 
they are whitelisted? 



• Does Mr. O’Neil imply that the user trust message is diluted when Facebook 
gives special access to data to certain developers but not others? 

Koumouzelis responds: [read sixth and seventh highlights at bottom of 24 and first four 
highlights on 25 “yeah - I think we need to finesse...approval from product], 

• Does Mr. Koumouzelis agree that the messaging needs to be finessed? 

• Does Mr. Koumouzelis imply that a key motivation for these Platform 3.0 
changes and in particular the friends permission changes is to protect Facebook 
from competition? 

• Does Mr. Koumouzelis describe a process where approval for developers to 
access certain data might be reviewed by a member of the Facebook product 
team directly? 

• Was it typical from 2010 up to this time for a Facebook product team member to 
directly participate in decisions regarding a developer’s app being allowed on 
Facebook? 

• Have you encountered any situations in which a Facebook product team 
member influenced which apps or features the policy and operations team 
permitted on Facebook Platform and which would be rejected? [If “no,” then 
say: the entire time you’ve been a Facebook employee, you’ve never been 
involved in a situation where an employee working on one of Facebook’s own 
products influenced the approval or rejection of a specific app or feature on 
Facebook Platform?; if “yes,” document specifics]. 


41_FB-00061671 - This is an August 2013 email from Daniels to Purdy clarifying what 
he means by “value”. [Read the second highlight at bottom of 74 “I think that there 
are...other?]. 

• Does Daniels state in his second bullet that one exception from being cut off to 
this data is if you are a developer that has an existing relationship with 
Facebook and you would have public relations issues if Facebook removed your 
data access? 

• Does Daniels state in his third bullet that one exception from being cut off to this 
data is if you are a developer with whom Facebook can trade access to data for 
other value? 

• What is Home notification support? [if IDK, who would know?] 



• Does Daniels state that requiring developers to link their content to FB is one 
way for developers to provide sufficient value to trade access to data? 

• Does Daniels state that requiring developers to purchase advertising sold by 
Facebook is one way for developers to provide sufficient value to trade access 
to data? 

42_FB-00551862 - This is an August 2013 email from Kevin Lacker, a former Parse 
engineer, who writes: [Read highlight on 62], 

• Does Mr. Lacker state that when Facebook gives Private API access to 
Developer A and not Developer B that Developer A can do things in its 
application that Developer B cannot? 

• Does Mr. Lacker imply that this might give Developer A an advantage relative to 
Developer? 

• Does Mr. Lacker imply that it is more likely that a developer obtains this 
advantage if the developer is friends with someone at Facebook? 

49_FB-00456661 - This is a September 2013 email among various Facebook 
employees discussing games and the friends permissions, with the subject “friends 
API”. Namita Gupta writes: [Read highlight on 63 and highlight on 64 “My 
recommendation...away for free”]. 

• Does Ms. Gupta write that her recommendation is to launch a friends API for 
games simultaneously with the removal of the friends API available to all 
developers? 

• Does Ms. Gupta state that Facebook feels it is giving away its friend graph for 
free to non-game developers? 

• Does Ms. Gupta state that Facebook is making an exception for games to 
continue to access friend data that is being removed from all other apps 
because Facebook gets 30% of a game’s revenues? 

• Do you feel that games may require a heightened sensitivity on Facebook’s part 
to user privacy and user trust concerns compared to non-game apps? 

65_FB-00575243 - This is an October 2013 email from Mr. Vishwanath responding to 
the discussion in the email we just reviewed. Vishwanath writes: [Read top two 
highlights on 43] 



• Does Mr. Vishwanath state that it’s his understanding their goal is to make it 
harder for developers to grow new apps by using existing apps? 

• Does he state that Canvas is the exception where Facebook does want to help 
developers grow their apps? 

• Is Canvas a Facebook product that lets you build a website or an app that is 
part of Facebook? 

• Does Facebook directly generate revenues from games played on Canvas? [yes] 

• Does Facebook directly generate revenues from games that are not played on 
Canvas? [no] 

• Does Vishwanath say that the lookup API would solve the problem of removing 
this friends data without hurting Canvas? 

• Does Vishwanath ask how Facebook would ensure developers don’t use the 
lookup API to grow games off Canvas? 

• When asking this question, is it fair to say that Vishwanath is asking how 
Facebook can ensure the lookup API is not used to support the growth of apps 
whenever Facebook does not receive financial benefit? [Is there another 
reasonable interpretation?] 

77_FB-00454612 - This is a January 2015 task from O’Neil with the subject ‘“Apps 
Others Use’ privacy permissions do not persist after turning Platform off/on.” At the 
bottom of 12, the task is described as follows: [Read fourth highlight at very bottom of 
12 and top highlight of 13 “On the above page,...are returned to the defaults”]. 

• Does this task reference a public Facebook URL and state that a user can click 
that URL to access “Apps Others Use” to have granular control over information 
about the user that is visible in friends’ apps? 

• Does this task state that a user can also turn “platform off” entirely, meaning 
that the user can prevent all of her data from being accessed by any app 
besides Facebook? 

• Does this task describe an issue where if a user turns platform off and then back 
on, her prior settings about which apps and which data she wants to share 
would be reset? 

• When was this task created? [October 2, 2014] 




If you look at the top of 12, O’Neil closes the task on January 5, 2015. Do you see 
that? O’Neil writes: [read top highlight on 12 “Friend permissions...Closing”]. 

• Does O’Neil write in January 2015 that because Facebook is removing friends 
data later in 2014 that they are not going to address this issue? 

• So from October 2014 until April 2015 it was possible that Facebook was not 
accurately representing what I thought were my privacy permissions as a user of 
Facebook? 

• And Facebook never fixed this issue after becoming aware of it in October 
2014? 

78_FB-00580073 - This is an April 2015 task with the subject “Platform Feedback - 
only me profile info leakage via platform”. Facebook employee Connie Yang describes 
the task at the bottom of 73 and top of 74: [Read highlights at bottom of 73 and top of 
74 “Apps on...‘Only Me’?”]. 

• Does Ms. Yang describe an issue in Facebook’s privacy settings? 

• Is the “Only Me” setting the one I would check when I want information I put on 
Facebook, like a photo, to only be accessible to me? 

• Does she write that apps on Platform can automatically access information I 
have decided no one else can see? 

• Does she write that apps can display information I want only visible to me to 
other users? 

• Could these other users include people I am not friends with? 

• Does Yang ask if this directly violates what Facebook represents to users the 
“Only Me” setting does? 

• If Facebook were to have failed to maintain functioning privacy settings, could a 
developer’s app inadvertently violate Facebook’s policies regarding users? 

• If I were to see a privacy-related issue in a Platform app around April 2015, is it 
possible that a problem in Facebook’s code caused the issue? 

• Is it possible I would think the developer’s app had caused the issue? Could 
that make me less likely to use the developer’s app? 




• Was it possible for Platform developers when accessing Graph API data in 
2014 to see the granular permission setting on each piece of data it was 
consuming? 

79_FB-00574447 - This is an October 2011 email in which Cross and O’Neil discuss a 
privacy bug. Cross writes: [Read highlights on 47-48]. 

• Does Cross say here that Facebook currently is not making visible to developers 
the privacy setting of a given user action? 

• Was this ever fixed? [If yes, how do you know it was fixed? When was it fixed? 
What was the solution to fix it?] [If no, why wasn’t it fixed?] [If IDK, you don’t 
know if Facebook ever permitted developers to view the privacy settings of 
graph data and actions?] 

80_FB-00510171 - This is a February 2014 task entitled “PS12n Capability Cleanup - 
Remove 698 Apps from the Capabilities Tool”. At the top of 72 there is a description of 
the task that reads: [Read all highlights on 72 “The partnerships teams...go-ahead 
from Doug”] 

• Does this state that the partnerships team at Facebook has completed 
reviewing 5,300 whitelisted, or capability-granted, apps? 

• Does this state that about 700 of these apps will have their capabilities 
removed? 

• Is it reasonable to think that if an apps is not deleted but has certain capabilities 
removed, that someone can still use technically use it but it might not function 
properly? 

• According to this task, does Facebook intend to notify developers in advance 
that these apps might break? 

• Before making the change, does Facebook plan to prepare messaging that it will 
only deliver to a developer if that developer complains? 

• Does Facebook plan to remove capabilities to all 700 apps at once? 

• Is Mr. Purdy responsible for giving the approval to do this? [Is there another 
Doug who could have approved this around this time?] 

90_FB-00560169 - This is a September 2013 chat string between Facebook 
employees Kevin Lacker and Harshdeep Singh. 



• Was Kevin Lacker the CTO of Parse before its acquisition by Facebook? 

• Would you consider Kevin Lacker to be a respected software engineer with an 
informed opinion regarding software development? Would Mr. Lacker’s 
colleagues? 

Mr. Lacker writes: [Read highlight on 69 “One note...two years”]. 

• Does Mr. Lacker state that the term “deprecate” typically means that something 
still works but is unsupported? [yes] 

• Does Mr. Lacker state that the interpretation of a two-year stability guarantee, or 
two year breaking change window, that makes the most sense to him is that old 
versions should be supported until the new version has been out for two years? 
[Is there another reasonable interpretation of Lacker’s statement?] 

91_FB-00473864 - This is a February 2013 chat string between O’Neil and Amir Naor 
regarding some changes in the iOS SDK to enable frictionless requests in SDK 3.2. 
O’Neil writes: [Read highlight on 64], Does Mr. O’Neil say that this isn’t a breaking 
change because the previous API still exists? [yes] 

92_FB-00494207 - This is an April 2012 chat string discussing the Diageo app, which 
lets users share alcoholic drink recipes with one another. You can see at the top that 
you were added as a subscriber to the task. 

The issue here was: [Read highlights on 07], Does this mean that “underage Becca” 
could receive alcoholic drink recipes from friends even though the developer, Diageo, 
abided by Facebook’s rules while testing this app? 

Mr. Rudolph provides the answer to this problem. [Read highlights on 12]. 

• Does Rudolph write that age restrictions applied only to Facebook canvas page 
loads and not to data received by developers from graph API or any other APIs? 

• Does Rudolph say that age restrictions have not been enforced on developers 
receiving data from APIs since the APIs were first implemented 5 or 6 years 
ago? 

93_FB-00483662 - This is a June 2012 chat string between O’Neil and Vernal 
regarding a meeting with Apple. 

Vernal writes: [Read highlight on 63]. Does O’Neil write that apps are better if they can 
read data from Facebook? 



94_FB-00569937 - This is an August 2012 email string between O’Neil and others 
regarding Graph API improvements. O’Neil writes: [Read highlight on 37], 

• Does O’Neil write that Facebook has invested time and resources in making it 
easier for developers to access friends’ photo albums so long as the developers 
have permission? 

• Is it fair to say that Facebook invested time and resources in making it easier for 
developers to access Facebook’s graph because at the time Facebook felt it 
made business sense to open its graph to developers to build social 
applications that might drive more engagement, users and revenues for 
Facebook? 

95_FB-00489319 - This is an October 2012 email string between Mr. Cox and others 
regarding photo permissions on iOS6. 

Mr. Cox requests that the team add a warning alert to make clear when an iPhone user 
integrates with Facebook that they know that if they reject the permission, they won’t 
be able to share photos from their iPhone camera automatically on Facebook. [Read 
highlight on 22]. 

Mr. Stoop pushes back that Mr. Cox’s solution hurts user trust. [Read highlight on 19], 
Was Mr. Stoop the Photos product manager at this time? Did you participate in these 
particular discussions around October 11,2012 with Messrs. Cox and Stoop regarding 
photo permissions, including the discussion around Mr. Stoop’s view that Mr. Cox’s 
approach would not “instill trust”? 

96_FB-00545723 - This is a January 2012 email string with O’Neil and others regarding 
privacy changes. 

Mr. Larkin writes: [Read highlight on 23]. Does Mr. Larkin write that starting January 
2012 users had granular control over who could see their app activity on Facebook? 

97_FB-00558226 - This is a January 2012 presentation regarding integrating Facebook 
into Apple’s iOS6 mobile operating system. 

[Read highlight on 28]. Does this state that by integrating Facebook’s graph with 
Apple’s phone contacts app that it is possible Apple or third parties could potentially 
recreate parts of Facebook’s graph - the network of connections between people and 
their interests? 

[Read highlight on 44]. Does this state that if Facebook agrees to this iOS integration 
with Apple that it might be possible that Facebook would get faster reviews when 
Facebook submits its own apps to Apple’s App Store? 



12_FB-00000481 - This is an email from January 2011 from Bret Taylor about 
developer permissions to access Facebook’s photos so users could banner profiles 
from developer apps. [Read all highlights at bottom of 89]. 

• Who does Mr. Taylor say had some questions regarding potentially having to 
whitelist the photo tag API? 

• Did you participate in this particular meeting with Messrs. Taylor and 
Zuckerberg in January 2011 regarding developer access to certain photo 
permissions? 

• Are you aware of any of the Custodians having participated in this meeting? 
[Read highlight on 84], 

• Who does Mr. Lessin say he was instant messaging with regarding developers’ 
permissions concerning photos? 

• Did you participate in this particular instant messaging conversation with 
Messrs. Lessin and Zuckerberg? 

• Are you aware of any of the Custodians having participated in this chat? 

[Read first highlight on 81]. Who does Mr. Lessin say made the recommendation 
regarding when Facebook would stop developers from being able to do this kind of 
thing with photos? 

[Read second highlight on 81]. Does Mr. Lessin say that the decision he and Mr. 
Zuckerberg made results in less than clear messaging for developers regarding this 
particular issue? 

13_FB-00000421 - This is a February 2011 email string involving you and others 
discussing the decision to enforce against developers who permit profile bannering. 

You write: [Read highlight on 28], 

• Who do you write will be involved in the meeting to determine the approach to 
what developers are permitted to do with photos regarding page bannering? 
[Lessin, Cox, Zuckerberg] 


Did you participate in this particular meeting with Messrs. Lessin, Cox and 
Zuckerberg? 



You then write: [Read highlight on 25]. Who decided on the “categorization” that you 
write in this email is unfair? 

Ms. Luu-Van then responds to your note. [Read both highlights on 24]. When Ms. Luu- 
Van says “product originally wanted...to auto-kill all these apps,” who is she referring 
to? 

You then respond: [Read all highlights on 22], 

• When you write, “but that has been rejected,” who rejected having a clear policy 
on this developer permission? 

• Does this decision mean it is possible for developers who abide by all the rules 
to still have Facebook break or shut down their app for some period of time? 

14_FB-00000301 - This is an April 2011 email string involving Mr. Vernal and others 
discussing developers’ photo tagging permissions. 

Vernal writes: [Read highlight on 304 and then immediately after on 303]. 

• Who told Mr. Vernal that if Facebook can’t control the photo tagging issue, 
Vernal would be required to whitelist the photo tagging API? 

• Did you participate in this particular discussion around April 2011 with Mr. 
Zuckerberg? 

15_FB-00561938 - This is an April 2011 chat between Mr. O’Neil and Carl Sjogreen 
regarding developers publishing content back to Facebook’s graph. Mr. Sjogreen 
writes: [Read highlight on 38], 

• Does “publish stuff back to the graph” mean that content generated by users on 
developer applications is sent back to Facebook to improve its graph and make 
Facebook more valuable for users? 

• Who does Mr. Sjogreen say wants this new policy of requiring that developers 
publish back to the graph to be the default? 

16_FB-00438468 - This is an August 2011 email in which O’Neil and others discuss 
the checkin APIs. David Pio writes: [Read highlight on 68], 

• Who was giving the Q&A in which it was communicated to FB employees that 
checkin APIs would not be changing? 



• Did Mr. Pio state that he communicated to developers that graph api is stable 
and won’t be changing? 

• What is Elder? Could a FB employee use Elder to give a developer access to 
data that other developers did not have? 

17_FB-00369435 - This is an August 2011 email where you write to Jud Hoffman the 

following: [Read highlight on 35 “I cried...our lawyers”]. 

• With whom were you absolutely disgusted? 

• What did they do to absolutely disgust you? 

• Was this a common occurrence during this time at Facebook? [see if related to 
our issue, reflects Facebook as bad actor, etc] 

19_FB-00439462 - This is a December 2011 email from Mr. Cox to product managers. 

Mr. Cox writes: [Read first large set of highlights on 63], 

• Is Mr. Cox Facebook’s Chief Product Officer, that is, the executive in charge of 
all of Facebook’s products? 

• Is it fair to say that when Mr. Cox writes that developers “who integrate with 
Facebook win,” that he means that Facebook Platform and its social data helps 
potentially give developers an advantage when building their applications? 

• Is it fair to say that Facebook executives, including Mr. Cox and Mr. Zuckerberg, 
made public statements during this 2011 and 2012 timeframe that encouraged 
developers to invest resources in building applications integrated with Facebook 
Platform? 

Mr. Cox then writes: [Read second highlight at bottom of 63]. 

• Is open graph the Facebook product that enabled other companies to access 
data from Facebook’s graph, Facebook’s network of connections between 
people? 

• What does Mr. Cox mean when he says they have a goal of launching custom 
open graph broadly? 


20_FB-00477297 - This is a February 2012 email from Mr. Vernal to O’Neil and others 
regarding permissions on iOS. Vernal writes: [Read highlight on 98] and then he goes 
on to list a range of friend permissions. 



• Does Vernal say that it would be “strange” to have a social platform that did not 
allow some friends_* permissions? 

• Did Facebook remove the friends_* permissions from the public Graph API on 
April 30, 2015? 

21_FB-00474412 -This is a March 2012 email between O’Neil and others. O’Neil 

writes: [Read highlight on 13]. 

• Does O’Neil write that it is possible for a developer to interpret “deprecate” as 
“delete” and that it is also possible for a developer to interpret “deprecate” as 
something other than “delete”? [If no, say, “Isn’t this exactly what Karan Mangla 
did in the note to which O’Neil responds? Why else would Mr. O’Neil need to 
clarify that?”] 

• Does O’Neil say that the checkin API will be around for a long time? 

• You know Mr. O’Neil, right? You worked with him regularly for how many years? 

• Why do you think Mr. O’Neil believes this API will be around for a long time? 

22_FB-00495737 - this is a summary of a March 2012 Q&A with Mr. Zuckerberg. 

Ms. Bouchard summarizes Zuckerberg’s statements, noting: [Read highlight on 37], 

• Does Mr. Zuckerberg say in this summary that Facebook intends to build social 
versions of apps common on smartphones? 

• Does Mr. Zuckerberg say that people will be able to replace “whole parts of their 
phones” with Facebook apps? 

• Is it fair to say that many [some?] of the strategic decisions Mr. Zuckerberg 
made in 2012 and 2013 were focused on making Facebook the dominant app 
ecosystem on a smartphone? 


FB-00917791 - Nov 19, 2012 Zuckerberg email on 92 MAKING FINAL DECISION ON 
FULL RECIPROCITY. “The quick summary is that I think we should go with full 
reciprocity and access to app friends for no charge. Full reciprocity means that 
apps are required to give any user who connects to FB a prominent option to 
share all of their social content within that service (ie all content that is visible to 
more than a few people, but excluding 1:1 or small group messages) back to 
Facebook. In addition to this, in the future, I also think we should develop a 




premium service for things like instant personalization and coefficient, but that 
can be separate from this next release of platform.... First, to answer the question 
of what we should do, the very first question I developed an opinion on was what 
we should be optimizing for.... The answer I came to is that we’re trying to enable 
people to share everything they want, and to do it on Facebook. Sometimes the 
best way to enable people to share something is to have a developer build a 
special purpose app or network for that type of content and to make that app 
social by having Facebook plug into it. However, that may be good for the world 
but it’s not good for us unless people also share back to Facebook and that 
content increases the value of our network. So ultimately, I think the purpose of 
platform - even the read side - is to increase sharing back to Facebook.... 

There’s some more nuance to this opinion though: First, in any model, I’m 
assuming we enforce our policies against competitors much more strongly.... 
Second, if we’re limiting friends to app friends, we need to make sure we build 
the appropriate distribution tools that developers want to invite the rest of the 
user’s friends....It seems like we need some way to fast app switch to the FB app 
to show a dialog on our side that lets you select which of your friends you want to 
invite to an app.... We also need to figure out how we’re going to charge for it. I 
want to make sure this is explicitly tied to pulling non-app friends out of 
friends.get.” Mark then proposes testing first with game developers, noting “This 
could also be an important part of helping us transition our canvas business onto 
mobile if it effectively lets us take a 20-30% cut of the value of FB-connected 
users.” (95) 

FB-01181162 - March 2010 Palihapitiya MZ Vernal Beard Taylor Cox Schroepfer Rose 
Rosenthal Migdal “Apple / Steve Jobs”. 66, MZ notes Steve called him today: “He 
didn’t have too many details, but it sounded like the main thing he was concerned 
about was that we wouldn’t commit to keeping the APIs around for more than 2 years 
(it sounds like they’re asking for 5 years). 65, Beard responds they were willing to give 
on API stability term but Apple doesn’t want to give them address book data and Apple 
wants to be able to consume FB data even if users don’t sign in with connect. 64, 
Vernal notes “I think they don’t want to do it because they don’t see the product and 
are scared we’ll do sketchy stuff with it” referring to giving FB address book data. 62, 
Migdal: “they’re suspicious of FB use of the data for friend finding w/o explicit 
permissioning by user.” 

FB-01199066 - May 2013 “Path” Purdy Rose Vernal Osofsky Lessin MZ. 69, Jabal 
emails FB with Morin copied thanking them for resolving their issues. 68, Osofsky, “The 
headline is that Dave is not pleased, but did not signal that he would escalate things in 
the press. I began by positioning this as a meeting to clear the air. Our primary interest 
is in improving the communications and relationship between our companies. Doug 
then provided a high-level overview of how our platform strategy has evolved over the 
past year. Dave countered with two primary points which are somewhat contradictory. 
On the one hand, Path’s platform integration doesn’t matter to them strategically and 



he doesn’t care if we never turn it back on. They are growing faster since we restricted 
their access, and we are hypocritical because we used the same growth tactics. On 
the other hand, he argued that we should turn friends.get back on because it helped 
users become more engaged on Path. He also stated that developers are abandoning 
platform because they cannot trust us, and that last week’s actions were a perfect 
example why.” Dave stated that the social graph is a “public good”. 67, Purdy then 
discusses two options of considering them competitive and they only get login/sharing 
or doing a deeper partnership which has “the most option value for us”. Osofsky 66: 
“Given that Path launched a messaging product, we should restrict their access to the 
read APIs. This is our consistent approach across the category...I think that engaging 
Dave on the App-Friend Sharing API will do more harm than good. It will lead to 
another discussion on whether we will reenable Path’s access to the friends graph, 
particularly because this was the basic value exchange in the agreement. The 
discussion won’t be productive because the topic is emotional for Dave (i.e., “this is 
not the platform I founded and the way I worked with developers”). We need to figure 
out how to rebuild trust with Dave. But, as long as he doesn’t dramatically escalate 
things (e.g., writing a personal blog post disavowing platform), I think we should try to 
continue to calm things down by focusing on whether we can find a way to align 
strategically with Path. I’m not convinced that we will, but it is a more productive 
discussion framework than focusing on more tactical issues around specific APIs. We 
also should take his feedback seriously that our lack of communications over the past 
few months with the developer and venture community has led many folks to mistrust 
our intentions around platform.” 


DOC REVIEW MARCH 2017 


FB-00080583 - exchange with government of Netherlands auditing data policies in 2011 and 
2012. On FB-00080842 they note that consent for third party applications is not intuitive, “user 
must consult the privacy settings area of the site rather than the Apps area”. Further, Facebook 
hides the “only me” setting and should fix it. FB was on notice of exactly how to fix any issues 
and didn’t do it. 

FB-00110380 - profiling academics as friendly or unfriendly and strategizing how to 
build relationships with them 

FB-00102198 - davos 2012 list 

FB-00733620 - Platform and Promotion Policies presentation, Hendrix Sept 2011. “Our 
Platform is Open”. 


FB-00735572 - Faceboko as “the cure to the common loneliness. A person is lonely if 
she/he wants more social interaction than what is currently available. Facebook 
obliterates that. Facebook broadens and deepens your social circle, letting you get to 



know people with whom you’d never interact otherwise and learning more about your 
close friends. With Facebook, you are never alone. It is heartwarming to know that 
someone is thinking of you, and communication on Facebook is a low bar, allowing 
you to feel less awkward than you might face-to-face. You don’t feel left out, and your 
friends are always with you, right in your pocket. Everyone can be a superstar. 
Amplifying the importance of this basic human need makes Facebook less trivial and 
more emotionally rich.” 

FB-00739540 - March 2010 Flendrix approves Danny Moy request to confirm user flow 
for Farmville 

FB-00753471 - December 2013 Eddie O’Neil email “on friends symmetry: my 
perspective is that my friends list is mine, I can choose whether / not to take it to an 
app, and my friends shouldn’t be able to affect their presence in that list by 
TOS’ing....On required permissions: assume a developer is building a photo app; 
would we really require developers to build a borked version of their app that works 
without photo permission? If so, is that actually a disincentive for adoption FB login?” 
O’NEIL AGREES WITH 643. 


FB-00761834-35 - Feb 2015 discussion where they note partners who haven’t 
migrated to v2 but redact the discussion of the partners under “Company Proprietary 
Information”. This is from the folder of privacy redacted docs that should have 
removed all privacy redactions. FB-00761837 has even more redacted “company 
proprietary information”. 43 and 44 pinterest info redacted. 


FB-01235900 - July 2011 still has “redacted-privilege” info. Social radar asking about 
Graph API. 


FB-00768491 - Dec 2012 example of an automated “Negative Feedback Warning” that 
Facebook sends to app developers, this one went to Wrapp. 643 never received one of 
these warnings. 


FB-01251685 - presentation on quantitative and qualitative impact of removing implicit 
OG. 


FB-01251935 - Apps Strategy Commerce & Local, Aug 2013 presentation, shows FB 
getting into commerce and tracking certain commerce apps, 



FB-01252107-118 - Olivan and Vernal Sept 2013 discuss Messenger Platform. 


FB-01252202 - Identity Acquisition H1/H2 Update June 2013, profile completeness 
etc. 












FB-01252365 - July 2013 presentation, neko goal $2.75M per day chart showing $1B 
run rate by end of 2013 


FB-012353026 - showing reciprocity framework analysis depending on whether there 
is no value to FB, $ value to FB or data value to FB. No value gets login + write. Data 
value gets friends.get if prominent sharing and an api endpoint for fb to pull data from 
or if they get transaction data for payment apps. $ value gets friends.get if payments, 
ad network or advertiser, mostly limited to games or partners for payments 3.0 

FB-01338781 - July 2009 presentation “What value does Platform contribute to 
Facebook?” 


FB-01343200 - “Developers historically impose data tax on users who choose FB” 


FB-00084705 - July 2014, employee asks for policy prohibiting facial recognition on FB 
photos and Sherman etc send back other policies showing that they don’t have explicit 
prohibition but can enforce it in other ways. 


FB-Q0092108-11 - Purdy and PR respond to story from April 2013 by Andrew Chen as 
to why Platform doesn’t work for developers. Sherman writes that “we s ometimes 
block apps that compete with us.” Pastes Purdy’s public response that 



CLEAR MISREPRESENTATION IN APRIL 2013. FIND 
BLOG POST FROM PURDY TO ADD TO MISREPRESENTATIONS. 


FB-00788546-47 - July 2012 privacy updater on Project Neko for mobile measurement 
tracking for “Wilde” (Facebook’s new iOS SDK released Aug 2012) and a project to 
capture location data on android and matching it to cell site IDs and also to check for 
non-Google app stores on android phones for competitive analysis. 

FB-00623580 - Mar 2013 MZ and others working on final Facebook Home 
announcement and addressing privacy concerns about information being collected. 

FB-00072657 - excel file tracking the neko spend of the top iOS and Android grossing 
apps. Same with FB-00073275 and FB-00073287 and FB-00227543 


FB-00809557 - excel sheet with developer verbatim survey responses on observations 
on platform policies 


I 


B-00028527 - excel sheet detailing 30 proactive pitches FB making to tout 
eveloper platform openness and success, mostly featuring Sukhar, also see FB- 


00254661 


FB-00042344 - excel sheet showing regional developer analysis 










FB-00046731 - excel sheet showing top 2500 most engaged Onavo tracked apps in 
minutes of time spent in app 

FB-00047491 - spreadsheet categorizing apps by books, commerce, fitness, finance, 
music, photos, productivity, reputation, travel, video, strategic (looks like not a full list 
but a smaller list to identify a potential partner in each category for something). 

Includes a tab for strategic apps, skype, pinterest, foursquare, twitter, google, amazon, 
snapchat, kakao, sync.me, Mozilla, tumblr, telegram, groupme, voxer etc 

FB-00047811 - excel sheet looks like another Onavo list of top 500 engaged apps on 
android. Whatsapp #1, youtube #2, Facebook #3, Chrome #4 

FB-00048520 - another FB developer survey, FB-00113973 another developer survey 
FB-00049864 - app country analysis spain 
FB-00049863 - app country analysis france 

FB-00051800 - excel sheet tracking FBstart participants using Onavo data, noting 
“missing Onavo data” where no data available. 

FB-00140930 - Excel spreadsheet auditing apps for newsfeed API, categories of 
lifestyle, games, music, photo, astrology, etc etc, shows strategic apps and shows 
removing to twitter, youtube, hulu, linkedin...says amazon and klout are tbd and that 
strategic partners will be evaluated case by case....considers 81 apps to be FB 
replicas. Overall 7,000 apps using newsfeed. Shows recommendation of remove 
access for photo apps, lifestyle apps, etc. 

FB-00140931 - Excel spreadsheet auditing friends permissions apps, shows over 
42,000 apps accessing friends permissions 

FB-00788892 - June 2012 Sherman email regarding FB agreeing to join CA Attorney 
General’s App Agreement requiring apps to have privacy policies, etc. Facebook goes 
further than other companies in requiring apps to have privacy policies that are clear 
and conspicuous. 

FB-00727100 - Nov 2013 Sherman, more discussion on Lulu not violating FB terms. 
FB-00142963 - games list showing neko spend 
FB-00542096 - survey identifying concerns with FB Login 

FB-00561523 - excel sheet comparing pinterest and amazon and showing apps by 
neko spend 



FB-00686775 - excel sheet of apps attending developer mtgs in new York, London 
and seoul, FB-00686203 tracks spend on neko from apps at these events 


FB-00683024 - list of capability names and descriptions and the ID of the owner. Who 
owns most of these capabilities (ID 661792110)? See FB-00681683 for list of apps with 
at least 1 capability enabled, tier, whether high risk or not. See also FB-00807420 

FB-00677282 - list of apps that are friends of mark, 85 apps. List of “noisy apps” ~30 

FB-00667400 - list of apps sorted by amount of implicit clicks to determine impact of 
removing implicit newsfeed (YouTube, Instagram and Twitter most impacted) 

1-00602424 - analysis of app approval with automated review decision versus 



o-part manual decision, notes flags for high spenders, notes flags for no 


venture capital or “fail - too big” or “fail - not startup”. 

FB-00598258 - excel sheet of apps “accelerate” or “bootstrap” in google play store ?? 

FB-00771821 - excel sheet of 16700 apps as neko targets ? 

FB-00850884 - roster showing about 340 employees in Lessin’s org 

FB-01221442 - shows mobile feed data impressions and stories on popular apps and 
what revenue would look like by converting mobile platform stories into ads 

FB-01220323 - excel sheet looks like a Feb 2013 revenue projection for charging devs 
platform access versus neko ads versus both. Platform pricing codename Pluto? Pluto 
pro apps, pro apps, premium apps 

FB-01211794 - looks like an excel sheet of select disabled/deleted apps 

FB-01199363 - excel sheet categorizing all iOS and Android apps by categories and 
showing FB connect penetration in each category 

FB-01150152 - list of reasons for rejecting an app, looks like a login review matrix for 
approval/rejection 

FB-00989798 - excel sheet showing photo engineering tasks and list of engineers and 
what working on in 2012 

FB-00184999 - Tera Randall April 30, 2014 email summarizing coverage from 150 
pieces about Graph API 2.0 showing user control message. Completely controlled the 
news cycle on this. FB-00185042 - Randall replies: “Thank you it was crazy town but 








the team pulled it off!” FB-00185129 - “Really nice work in connecting reporters w/ our 
third party references.” 

FB-00186094 - F8 2014 employee pr guidelines, “common words not to say publicly: 
Login v4, Platform Simplification, Neko, Users”. Has FAQ responses about friend list 
and permissions removal 


FB-00061396 - (97) “A Mass-Adopted Unified contacts App could be an even 
greater threat to us than Messaging” 

FB-00044310 -Tinder/KP March 2015 implementation discussion with Ryan Ogle, 
Jonathan Badeen, Sean Rad. See also FB-00047095 Jan 2015 discussion to 
temporarily give Tinder full friends list capability, FB-00598264 KP reminds Tinder they 
have access for a few more weeks to get onto the new private APIs 

FB-00080932 - Privacy projects table. Update WhatsApp privacy policy to share data 
with FB, update FB policy to allow broad use of facial recognition, discusses SMS & 
call log data (37), photo pre-processing from iOS camera roll because “device 
permissions are insufficient to upload camera roll data to FB servers, even temporarily” 
(41), shows taking contact list of phones for Hello phone app is pulling in non-user data 
(41), android permissions for Bluetooth, nfc, read settings “draws attention to full list of 
android permissions, which contains existing sensitive permissions” (42) 

FB-00089881 - Nov 2013 Scutari “providing policy feedback on a Mark Z. request that 
Product explore the possibility of making the Only Me audience setting unsticky.” 
Summarizes briefly android sms/call log permissions. 

FB-00460392 - Dec 2013 Lacker and Poll trying to figure out from Eddie and TR what’s 
going on with user/third-party IDs. 

FB-00533923 - Permissions v3 presentation, sometime in 2012, showing poor user 
sentiment with platform and need to improve trust 

FB-00590623 - March 2014 Chang O’Neil Cross Hurren TR discuss 
grantextendedpermission capability and Eddie writes that it will be limited to those with 
contracts and be used very sparingly 









FB-01215360 - July 2008 Cheever and Vernal discuss login permissions model, similar 
to what they ended up doing with login v4 

FB-01291941 - birth of Graph API in May 2009 paper by Larry Hastings “Pearls in 
Graph Theory”. Second draft at FB-01292196 

FB-00013982 - Login v4 + stability changes, looks like early 2014? Goes thorugh 
competitive bucketing, popular API calls showing friends list as one of most popular, 
etc. etc. 



FB-00543573 - Facebook/Microsoft Web Search and Maps Agreement Dec 2013 

FB-00840953 - presentation on “What we look for in Login Review”. Looks external¬ 
facing. All expected stuff. 

FB-01162462 - Jan 2012 Colin Stretch email noting that “the FTC is very focused on 
the new GDP dialog” and in particular with whether apps respect the audience selector 
within the app and the change to FB’s authorize button 

FB-00044153 - Feb 2015 discussion with Ticketmaster about migrating to v2 

FB-00547323 - Facebook Platform Agreement for Xbox Live 

FB-00557123 - “Platform User Trust: E2E Quality & Perf” May 2013 presentation 
testing ~30 top developer apps and highlighting user concerns with them 




FB-00564109 

FB-00599074 - FBStart presentation for free help on building mobile apps 
FB-00627307 - FTC guide “Marketing Your Mobile App” 


B-00842164 - Oct 2011 Eddie O’Neill explains to another FB employee how to 
revent an app from taking your data when you haven’t downloaded the app. 
ihows that full control existed already in 2011. 





FB-00960068 - Oct 2012 discussion Sandberg, Archibong, Schrage, Daniels, etc., 
discussing YouTube deciding not to permit cookies on videos, so no like button. 
Discussion of whether to continue to let YouTube violate Facebook’s policies and 
continue to run pre-rolls (“don’t change our TOS but continue to allow YouTube to 






violate it”) (74). They are trying to understand if privacy is Google’s real motivation 
since their +1 button handles cookies the same way as FB’s like button. Sandberg tells 
them to keep the pressure on to find out if privacy or competitive motivation (“I don’t 
think we can let them get away with this”). 

FB-00990251 - April 2012 discussion of privacy settings in apps, Rait suggests letting 
apps FB trusts set privacy settings (54) 

FB-01107907 - Nov 2010 email string with MZ, Swain, Vernal, Schrage, Gleit, Migdal, 
Taylor, Olivan, Stretch, etc. Google and Facebook battling over user export of data. 
Zuckerberg complains about Google not allowing mass exporting of email contacts 
(13-14): “This functionality was not a problem when Orkut was winning in Brazil and 
India, but as soon as people starting preferring Facebook to their products they 
changed their stance. First, Google simply broke their export feature and hoped people 
wouldn’t notice, which they did... Then when they got called out on it, they changed 
their policy completely. Today, the same thing is happening with Gmail 
many more people use Facebook messages than Gmail. Openness doesn’t 
being open when its convenient for you. We find Google’s view to be hypocritical 
Our policy has been consistent. On Facebook, the most important principle is 
every person owns and controls their own information. Each person owns 
friends list, but not their friends’ information. They have no more right to 
export their friends’ email addresses than they do to mass export all of 
friends’ private photo albums.” 



FB-01114459 - Aug 2010 FB employee Pete Bratach emails about certain 
deprecations in a draft doc: “Are we concerned that we’re publicizing things we’ve 
otherwise kept from almost all developers this whole time?” Namita Gupta responds 
that it is a draft and to remove the whitelisted perms that most developers don’t know 
about. 

FB-01122262 - Facebook Platform Agreement with Microsoft August 2009 

FB-01156907 - Lessin Vernal Rait Yao July 2012 email discussion on the new 
nav/privacy/profile model, FB-01159240 - April 2012 Rait, Sadan, Haugen, Vernal 
discussing third-party app privacy considering letting user set privacy in app 

FB-01180324-25 - MZ May 2010 emails Luke Shepard “A while ago you told me you 
were planning to build something that would let people see what pieces of their 
information an app had accessed. Did you end up doing this? It would be an awesome 
thing to launch early next week” 

FB-01221344 - Nov 2012 Platform Business Model presentation 
FB-00020353 - FB employee handbook April 2011 







FB-00085794 - May 2014 Sherman email with Jonny Thaw and Erin Egan listing 
dozens of articles about Facebook’s big privacy push. Put articles in judicial notice 
request? 


FB-00089864 - Nov 2013 email on Lulu where Sherman says not violating policy 

FB-00091715 - June 2013 Sherman, Schrage, Egan discussing conversation with 
Sheryl about options for storing user location data, “the decision comes down to the 
extent to which we want to collect and leverage information that users might not give 
us if we asked them expressly”. Describes most conservative, middleground and most 
aggressive approach, which is “store users’ locations at the neighborhood level over 
the course of 30 days”. Infrastructure team built technology that can infer user’s city 
and “Marcy Lynn found out about this and (appropriately) raised concerns about the 
privacy implications of this kind of an announcement”. 


FB-00095356 - Feb 2013 privacy update. Describes Aura, location project (Aura PM 
made some changes unilaterally with significant policy impact - who was Aura PM?); 
Shark, self-serve retargeting tool project 


FB-00839185 - Nov 20, 2012 - Sheryl forwards MZ full reciprocity decision to Erin 
Egan, Eric Antonow and Elliot Schrage noting “This is in very early stages and I 
don’t want to create a big stir by sending to tons of people in marketing or policy 
and communications. For now, I would like the 3 of you to make sure you fully 
understand what is being proposed (Vernal can answer any questions, to the 
extent we have answers) and surface any things that concern you.” Egan ther 
forwards to Sherman “Shhhhh. But let me know your thoughts.” Sherman write 
back: “I understand why this strategy could be beneficial as a business matter.” 
Discusses risk of sharing coefficients. Then states not to tell users difference 
between sharing full friend list and just app friend list because “it’s tricky to sa^ 
that some apps get full list and others only partial based on how much they pe 
us. I do think it’s fine to get permission to share full friends list but just modulat 
what apps can actually see on the back-end.” 


FB-00947509 - Nov 2012 Cox and Vernal following up on making Zuckerberg’s test of 
messenger games distribution under the new Platform business Model, making it part 
of Cox’s Angora project. 

FB-01349476 - Aug 2014 O’Neil email as they debate app privacy settings updates. 
“The concept of app visibility has existed since at least 2011. In 2013, we migrated the 
value of the deprecated app default privacy into each user+app pair so that each app 
had its own visibility setting. This was done so people could independently control the 
visibility of sensitive apps like Grinder and Bang with Friends. This did not change the 
value of any app’s audience ceiling, though it may have set a ceiling for old paps that 
didn’t have a ceiling. Jeffrey guessed that the typical value of this setting for older 






user+app pairs would be public 50% friends 25% other 25%. Starting in mid-2013, the 
app visibility setting for new user+app pairs defaults to Only Me. Net: the value of 
these settings will be all over the place depending on the age of the user+app pair.” 

FB-01350445 - 3yr product roadmap showing facebook getting into the contacts, 
news, travel, local commerce, events, media, books, etc. 

FB-01350486 - Aug 2013 Jeff Bonforte from Xobni emails Vernal Wyndowe and 
Hudack about continuing to keep “our better than standard API access with FB,” 
including “our most prized API call that Ethan Beard and Mike Vernal helped us re¬ 
secure recently-ish was email-to-FB ID lookup, allowing us to show the right FB 
user/photo for a given email address. Who do you recommend that I speak with at FB 
to transition this API access to Yahoo?” 

FB-01350547 - March 2015 Schrage outlines risk of making privacy policy for new 
Autopilot product publicly known because it is a “sticky default” and FB may launch 
future products where they don’t want default settings to be sticky. 

Vernal/Gleit/Hudack said fine to make public commitment, appears that Olivan/Cox 
pushing back to not make public commitment because they may want to launch 
products that do not have sticky default settings. Sandberg tells Schrage that MZ is ok 
not making the announcement and for Schrep to make the final call. Olivan loops Cox 
into the thread. 

FB-01350574-76 - March 2013 email between Facebook and Xbox where an Xbox 
employee notes that as a follow up to a meeting with FB “FB is open to discussing this 
but wants to work with Xbox on the best way to meet their reciprocity policy described 
in FB’s Platform Policies: Reciprocity: Facebook Platform enables developers to build 
personalized social experiences via the Graph API and related APIs. If you use any 
Facebook APIs to build personalized or social experiences, you must also enable 
people to easily share their experiences back with people on Facebook.” Notes that 
xbox thought an agreement would be straightforward but apparently “it appears this 
may have been a misunderstanding on Xbox side”. 

FB-01350640 - On 42, MZ says about Path “I think we’re being too sensitive to PR 
here and should shut this functionality off. We should ideally let them keep the rest of 
their functionality running except for the offending feature, though he notes previously 
that they aren’t doing anything wrong except that they should have given FB a heads 
up....On 40, Yao says they would be better off discussing as a team to have a 
consistent policy around API guarantees to developers. Rose wants to get deal done 
asap to avoid PR blow up. On 41, Purdy writes: “I am all in favor of shutting this 
down, but I want to make sure we are super buttoned up on the reasoning and 
messaging before doing anything or talking to Dave. I just spent the last 4 hours 
getting hammered by devs and press about this current (make-believe) story that 
we were threatening to shutting down developers as leverage in negotiations. I 
was point blank asked if you (Mark) ever asked me to shutdown an app that didn’t 





violate our policies. Answer: absolutely not. This is the kind of environment that 
Dave can throw a match into easily if we are not careful. When we shut them 
down, I believe we need to make sure that this is viewed as them violating our 
TOS (which they are). We have been clear that competing social networks or 
other parties can not use our API to bootstrap their social networks. Rather, we 
expose a feature, Download My Data, that users can use to move their data to 
other social networks. We put this in place for Google+ and I think it applies here 


as well.’ 


FB-01396179-83 - April 2015 Archibong signs API Extension Agreement with Serotek 
to have until Oct 30, 2015. Exhibit B lists APIs and extension dates. 

FB-01396184 - April 2015 Archibong signs API Extension Agreement with Tobii to 
have until Oct 30, 2015. Exhibit B lists APIs and extension dates. 

FB-01396719-57 - Jan 2011 Wyndowe shares final zynga agreement 

FB-01396933-40 - 2010 Extended API Addendum between FB and Sparrow (Osofsky 
signs for FB, Dominique LECA for Sparrow? 

FB-01397381 - excel sheet tracking privacy violations in 2011 from developer apps 

FB-01396247 - excel sheet showing FB revenue mix from 2013-2014 across 
desktop fed, mobile feed, RHC, promoted posts, promoted likes, mobile app 
installs, video pages, premium videos, custom audiences, fbx, conversion 
tracking, linked page posts, etc. 

FB-00588152 - Aug 2013 Alan McConnell Facebook Engineering Manager writes that 
he thinks “decrease in perceived value is very real and to some extent complaints 
about the “core stuff (docs/bugs/etc) are a proxy for dissatisfaction with the value 
prop...It’s only worse not that distribution isn’t as much of a carrot...Agree with Ilya 
that this is more about product than messaging. Neko is a pretty clear indicator here.” 
Notes that he is skeptical of developers viewing P3 as a stable core and is skeptical 
himself. “Is there a well-enumerated set of APIs/products that wea re so confident in 
that we’re willing to stand behind them with a 3-year no-break policy and/or version?”. 

FB-00004385 - July 2014 email discussion about sending ~80k developers a 2.0 
update notice and how to frame the message. Cross, KP, O’Neil, Sylvia Paq, Huang, 
Munoz 

FB-00023682 - Oct 2013 Lacker tries to make switch to app-scoped IDs less bad 

FB-00023880 - Privacy Principles for Neko products. Nots 10 privacy best practices 
neko should follow. Chart shows neko platform products (mobile conversion tracking 








pixel, server-side ad exclusion, ad delivery optimization, ad retargeting, app analytics), 
shows where FB gets dev/user permission for each product, etc. Discusses that if iOS 
user has ad tracking limited, then only use the identifier for frequency capping, 
conversion events, estimating uniques, security and debugging 

FB-00050763 - deck describing the need to change to graph api 2.0 before april 30 
2015 and listing examples of the “broken experiences for people” for apps who don’t 
(crashes on login, login loops, empty invite dialogs, degraded experiences because 
friend permissions no longer there, errors due to change in graph api response format). 
Clear that this change breaks a lot of apps in a lot of ways. 

FB-00073312 - Instant Personalization Process Overview and Product Requirements 
Jan 2011.27pg PDF 

FB-00074134 - Mobile marketing presentation from Oct 2012 showing launch of neko 
to developers on Oct 15, 2012 

FB-00089752 - Scutari Dec 2013 privacy update 

FB-00137376 - Feb 2014 O’Neil notes that FB will dial down newsfeed distribution for 
implicit OG between now and F8 except for games and music. 

FB-00286185 - spreadsheet of different policy violations and enforcement actions, 
such as warnings, moratoriums on new FB users, moratoriums on using certain 
channels, etc. 

FB-00332289 - April 2012 Sandy Parakilas notes that “of the top 100,000 apps.. .60% 
had no privacy policy in the auth dialogue, those apps are the target of this blast email. 
We will not be enforcing at the deadline, but we do need developers to feel some 
urgency about getting this done.” Both a PR and regulatory issue. FB let 60,000 apps 
operate without clear privacy policy. 

FB-00407342 - F8 2010 employee handbook. On 351, stats 550,000 active 
applications, more than 70% of FB users use third-party apps, more than one millino 
developers in 180 countries. 

FB-00410340 - March 2010 bad-apps@lists.facebook.com - shows they had a bad 
apps list and that at this time 45 apps were potential bad apps 


FB-00542361 - GDP permissions v3 sometime in late 2012. Key document for 
Facebook’s defense of user story. Shows platform sentiment is very bad among 
users and the top 2 dissatisfaction drivers are that 70% of users want greater 
control over what personal info an app can access and 70% of users want greater 
control over what an app publishes to their FB accounts. “Why don’t people feel 
in control w/ Platform? Check out what our auth experiences can look like today. 







They are a mouthful, hard to understand, and often sneaky.” Changes are to 
eliminate basic info/email and unbundling extended profile info into discrete 
permissions. See FB-00559704 - April 2012 shows that app’s privacy settings 
aren’t taken into account for photo/video uploads, FB is ignoring privacy settings. 



terms of the plan, my current thinking is to allow them to use the data but push 
them into a direction where” they will always share back to FB. KP follows up 2 
days later asking O’Neil to write back since he never responded. KP again on 
November 15, three more days later, asks O’Neil to respond and copies Cross 
while suggesting he is happy to do it in person instead if easier. KP then emails 
on Nov 18 for the fourth time asking for Simon to give advice on PS12N 
competitive bucketing and how permissions will be handled. 

FB-00681986 - Dec 2013 Lauryn Hale, Sean Leow, Pete Wild, Abigail Chambers, 
Vijay Shankar “VC-connected apps for pre-PS12N launch”. Discuss how greater 
than 100k apps affected by PS12N and so need to identify the VC-backed ones 
for outreach. 

FB-00745806 - Oct 2011 Hadi Partovi (hadi@fb.coml overseeing project to “get a 
handle of local startups [Seattle] to see if we can find a handful of them to pursue for 
“man-quisition” (purchase the company for the team)”. 

FB-00762379 - Jan 2015 Ogle tells KP that he thought Sean Rad was working on a 
bigger deal for Tinder that would support their “common friends” feature beyond just 
the extension to get friends list. 

FB-00831547 - March 2015 email discussion about launch of Messenger Platform and 
how to block an app. 

FB-00934414-20 - Jan 2013 discussion of how the different privacy frameworks at 
Facebook expose issues with the overall privacy model. 17, “the new about page 
organizes user content in a way that exposes problems with our privacy model and 
with Graph Search recently launched”. 








FB-01138699 - June 2008 Morin Wyndowe Vernal and Josh Elman. Discuss getting 
Xobni whitelisted and getting them a separate contract. 


FB-01138720 - June 2008 Marlette discusses with Vernal Sanghvi Steinberg allowing 
apps to change privacy on albums. Considering it. 


FB-01230076 - Presentation on “Slayer App Strategy: How do we make killer apps in 
Slayer?” Slayer looks like a Platform Developer Program, lists the top Facebook 
developers, etc. Slayer offers identity, engagement, distrubtion and payments. What 
was slayer? 



FB-01235646-723 - March 2014 (?) presentation entitled 47, “Content Production: 
Narrative and Next Steps”. “People are sharing less than they did in 2012 - bu 
more importantly they are sharing drastically different types of content.” 48, “I 
late 2012 we did some extreme stuff to push re-shares - significantly changin 
the composition of content and feed. We undid a bunch (but not all) of our work in 
the first half of 2013 but YoY re-shares numbers are still very funky. To avoid 
being misled by this funk, we’re going to use 2012 as our reference point.” 57, 
Wall posts declined by 63% since 2012 “terminal decline” due to “Fewer profile 
visits and wall posts per visit due to mobile migration and Timeline”. 58, 
Undirected text posts “tanking” since 2012, down 26% because “hurt by 
migration to phones with cameras”. 59, bulk photo uploads “falling fast”, down 


)% since 2012 because “mobile migration means fewer photo albums”. 714, 


“Before phones, people would take their digital cameras out for special events, 
vacatinos, etc. Then, they would post a bunch of photos at once - after uploading 
them to their computer. With phones, people take and share more photos more 
often. They share them individually (rather htan waiting to upload a bunch at 
once).” Email attaching deck is FB-01235610 


FB-01354548 - excel spreadsheet describing all of line naver and kakao’s apps. 

FB-01354813, FB-01354883, FB-01355556 - excel spreadsheet with developer survey 
results 


FB-01360280 - internal excel sheet on F8 2014 agenda showing no sessions explicitly 
discussing API privatizations in PS12N. 

FB-01369111 - list of apps by MAUs 













